Author Topic: New virus? svcsys32.exe  (Read 5689 times)

StellaDrinker

  • Guest
New virus? svcsys32.exe
« on: August 02, 2004, 10:10:27 PM »
This appeared on my computer today: svcsys32.exe.
I only picked it up because my firewall warned me it was trying to access the internet. If you kill the process, it starts again; if you remove the registry entries, they get put back in. I can't get rid of it.

I've tried several spyware programs and virus checkers.

Here is the HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 19:03:40, on 02/08/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svcsys32.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\System32\taskmgr.exe
C:\Documents and Settings\Jan\Desktop\Hijack\HijackThis.exe
C:\WINNT\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.karoo.co.uk
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [svcsys32] svcsys32.exe
O4 - HKLM\..\RunServices: [svcsys32] svcsys32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Research (HKLM)
O9 - Extra button: Researcher (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.karoo.co.uk
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Canasta - http://download.games.yahoo.com/games/clients/y/yt1_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt3_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F2A84794-EE6D-447B-8C21-3BA1DC77C5B4} (SDKInstall Class) - file://D:\controls\sdkinst.cab
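
Added example (not part of the original post and not HijackThis code): a Python sketch that reads a HijackThis log like the one above and flags O4 registry autostart values that name an executable without a path and are registered under more than one key, as svcsys32.exe is here under both Run and RunServices. The two-key rule is an assumed triage heuristic, and the embedded sample is an excerpt of the log above.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (trimmed to keep the example short).
SAMPLE_LOG = r"""Running processes:
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svcsys32.exe
C:\WINNT\System32\ctfmon.exe

O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [svcsys32] svcsys32.exe
O4 - HKLM\..\RunServices: [svcsys32] svcsys32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINNT\System32\ctfmon.exe
O4 - Startup: PowerReg Scheduler V3.exe
"""

# Registry-backed O4 lines look like: O4 - <key>: [<value name>] <command>
O4_REG = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable part of the command, with or without surrounding quotes.
EXE = re.compile(r'^"?(?P<exe>[^"]*?\.exe)', re.IGNORECASE)

def parse(log):
    """Return (running process file names, [(autostart key, executable)])."""
    running, autoruns, in_procs = set(), [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False            # a blank line ends the process list
        elif in_procs:
            running.add(line.rsplit("\\", 1)[-1].lower())
        else:
            m = O4_REG.match(line)      # Startup-folder O4 items are skipped
            exe = EXE.match(m.group("cmd")) if m else None
            if exe:
                autoruns.append((m.group("key"), exe.group("exe")))
    return running, autoruns

def suspicious_autoruns(log):
    """Assumed heuristic: path-less executable set in two or more autostart keys."""
    running, autoruns = parse(log)
    keys = defaultdict(set)
    for key, exe in autoruns:
        if "\\" not in exe:             # no directory given, resolved via search path
            keys[exe.lower()].add(key)
    return sorted((exe, sorted(k), exe in running)
                  for exe, k in keys.items() if len(k) > 1)
```

Each result is a tuple of executable name, the keys it is registered under, and whether a process with that file name was running when the log was taken.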



StellaDrinker

  • Guest
Re:New virus? svcsys32.exe
« Reply #1 on: August 02, 2004, 10:35:52 PM »
To get rid of it I did this: open Task Manager, right-click the process and choose 'End Process Tree' (I'm on XP). It came back, but I did it again and the process died. I then removed the registry entries, deleted the file (system directory) and rebooted. No sign of it yet.

whocares

  • Guest
Re:New virus? svcsys32.exe
« Reply #2 on: August 03, 2004, 12:23:20 PM »
Nice one..  ;)

You might want to apply all (important/security-related) Windows updates
and secure your system & browser better.

You can find some advice concerning this in the link "VirusRemoval" below in my sig ;)

StellaDrinker

  • Guest
Re:New virus? svcsys32.exe
« Reply #3 on: August 06, 2004, 12:04:52 AM »
Oddly enough, I applied all the latest updates the day before I got this one.

Offline DavidR

  • Avast Überevangelist
Re:New virus? svcsys32.exe
« Reply #4 on: August 06, 2004, 12:50:10 AM »
There is a later version of HijackThis now, 1.98.1.

Alva

  • Guest
Re:New virus? svcsys32.exe
« Reply #5 on: August 06, 2004, 08:08:30 AM »
You can try the trial version of Antiy Ghostbusters (AGB) to scan the virus. If you want to delete it, you can register it. Regarding the details, visit the following website:

http://www.antiy.net/ghostbusters/index.htm

Hope everything goes well! ;)

danbohoggins

  • Guest
Re:New virus? svcsys32.exe
« Reply #6 on: August 08, 2004, 02:11:40 PM »
Hi,

I had the same problem in removing the svcsys32.exe virus. It got into the system either because I was a bit slow in updating or because my ADSL connection is live a few seconds before my firewall kicks in.
I tried ending the process tree but couldn't stop the god damn varmint from reappearing, and I obviously couldn't remove it from the system32 directory. So I simply cut and pasted it onto the desktop, where the running process could not find it once ended; then the process could easily be ceased, and in 'regedit' you can remove the logs from the Run and RunServices keys.

Restart and hey presto! The cheeky beggar has vanished.

Stephan123

  • Guest
Re:New virus? svcsys32.exe
« Reply #7 on: August 08, 2004, 03:37:41 PM »
@danbohoggins

Can you make that image smaller?
There are dial-up people here ;)

Thanks