Author Topic: tcpsvcs.exe Egghead Trojan horse  (Read 8671 times)


WBG

  • Guest
tcpsvcs.exe Egghead Trojan horse
« on: November 13, 2003, 01:53:10 AM »

I was telling my computer group about how great this product was.
A member (he is a computer store owner) of our computer group stated that only Norton virus can remove the Egghead Trojan horse. So I probably have it on my computer (Egghead Trojan horse). How can I tell that I do not have it, and does Avast detect and repair said virus?
I seem to have tcpsvcs.exe in system32 and it is a different size than what is in the cab file (disc also), so it looks like it had been modified.
Also, tcpsvcs does open about 5 ports, but all are in listening mode.

process         pid    local port  remote ip remote port state  protocol      path
                           
Tcpsvcs.exe   824   0.0.0.0   17         LISTEN   UDP   C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe   824   0.0.0.0   19         LISTEN   UDP   C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe   824   0.0.0.0   13         LISTEN   UDP   C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe   824   0.0.0.0   9         LISTEN   UDP   C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe   824   0.0.0.0   7         LISTEN   UDP   C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe   824   0.0.0.0   17         LISTEN   TCP   C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe   824   0.0.0.0   19         LISTEN   TCP   C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe   824   0.0.0.0   13         LISTEN   TCP   C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe   824   0.0.0.0   9         LISTEN   TCP   C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe   824   0.0.0.0   7         LISTEN   TCP   C:\WINNT\System32\tcpsvcs.exe

Did take out appropriate settings in the Registry; there was only one I could change out of the four.
« Last Edit: November 13, 2003, 06:13:13 PM by WBG »

Offline raman

  • Avast Evangelist
  • Advanced Poster
  • Posts: 1062
Re:tcpsvcs.exe Egghead Trojan horse
« Reply #1 on: November 13, 2003, 06:03:48 AM »
It is a system file if it is only in your system32 and/or dllcache folder: http://www.liutilities.com/products/wintaskspro/processlibrary/tcpsvcs/

Here is a description of the virus, which is very old: http://vil.nai.com/vil/content/v_99378.htm

And yes, Avast will find it: http://www.virusbtn.com/resources/vgrep/vgrep.cgi?terms=egghead&product=0&offset=10
Kind regards, Ralf

WBG

  • Guest
Re:tcpsvcs.exe Egghead Trojan horse
« Reply #2 on: November 13, 2003, 06:15:00 PM »
process        pid    local port  remote ip remote port state  protocol      path
                           
Tcpsvcs.exe  824  0.0.0.0  17        LISTEN  UDP C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe  824  0.0.0.0  19        LISTEN  UDP  C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe  824  0.0.0.0  13        LISTEN  UDP  C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe  824  0.0.0.0  9        LISTEN  UDP  C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe  824  0.0.0.0  7        LISTEN  UDP  C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe  824  0.0.0.0  17        LISTEN  TCP  C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe  824  0.0.0.0  19        LISTEN  TCP  C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe  824  0.0.0.0  13        LISTEN  TCP  C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe  824  0.0.0.0  9        LISTEN  TCP  C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe  824  0.0.0.0  7        LISTEN  TCP  C:\WINNT\System32\tcpsvcs.exe

Did take out appropriate settings in the Registry; there was only one I could change out of the four.

While changing reg: saw a reference to a Quotes (software) which was on the machine, but I did take it off.
« Last Edit: November 13, 2003, 06:17:42 PM by WBG »
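
Added example, not part of any post in this thread: a small triage script for a listener listing in the layout posted above, applying the folder rule from Reply #1 and comparing each port with the standard Simple TCP/IP Services ports (echo 7, discard 9, daytime 13, quote of the day 17, chargen 19). The port table comes from the RFCs rather than from the thread, the function name `review` is hypothetical, and the sample rows are constructed.

```python
import re
from pathlib import PureWindowsPath

# Simple TCP/IP Services ports (RFC 862, 863, 867, 865, 864); not from the thread.
SIMPLE_TCPIP = {7: "echo", 9: "discard", 13: "daytime", 17: "qotd", 19: "chargen"}
# Folders named in Reply #1 as legitimate locations, lower-cased for comparison.
TRUSTED_DIRS = {r"c:\winnt\system32", r"c:\winnt\system32\dllcache"}

# Constructed sample: two rows like those in the thread plus two made-up outliers.
SAMPLE = r"""
Tcpsvcs.exe   824   0.0.0.0   17     LISTEN   UDP   C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe   824   0.0.0.0   7      LISTEN   TCP   C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe   824   0.0.0.0   5000   LISTEN   TCP   C:\WINNT\System32\tcpsvcs.exe
tcpsvcs.exe   912   0.0.0.0   19     LISTEN   TCP   C:\WINNT\Temp\tcpsvcs.exe
"""

# process, pid, local address, local port, state, protocol, image path
ROW = re.compile(
    r"^(?P<proc>\S+)\s+(?P<pid>\d+)\s+(?P<addr>\S+)\s+(?P<port>\d+)\s+"
    r"(?P<state>\S+)\s+(?P<proto>TCP|UDP)\s+(?P<path>.+?)\s*$", re.I)

def review(listing):
    """Return (pid, proto, port, service, reasons) for every tcpsvcs.exe row.

    An empty reasons list means the row fits the expected picture; a non-empty
    one means the row deserves a closer look, not that it is malicious.
    """
    findings = []
    for line in listing.splitlines():
        m = ROW.match(line.strip())
        if not m or m["proc"].lower() != "tcpsvcs.exe":
            continue  # header, blank line, or another process
        port = int(m["port"])
        folder = str(PureWindowsPath(m["path"]).parent).lower()
        reasons = []
        if folder not in TRUSTED_DIRS:
            reasons.append("unexpected folder")
        if port not in SIMPLE_TCPIP:
            reasons.append("port not a Simple TCP/IP service")
        findings.append((int(m["pid"]), m["proto"].upper(), port,
                         SIMPLE_TCPIP.get(port, "?"), reasons))
    return findings

if __name__ == "__main__":
    for row in review(SAMPLE):
        print(row)
```

A clean result only shows that the image path and ports match the stock service; it says nothing about whether the file itself was altered, which needs a scan or a comparison against known-good media.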