svcnxp32.exe, Part 2
From: Frank Wheeler (frankwheeler_at_optonline.net)
Date: 09/16/04
Date: Thu, 16 Sep 2004 14:35:50 GMT
Hi...
I asked about this file a week ago, got an answer with a question from
"Mow Green," answered that question, and then nothing more.
My latest Norton AV updates were installed last night, and immediately a
RED WARNING came up that stated that svcnxp32.exe was infected with the
W32.IRCbot, and that access to the file was denied.
I immediately went to the Windows (XP, SP2) System32 folder and
attempted to delete that svcnxp32.exe file, but it would not let me.
I opened the Task Manager, found that the svcnxp32.exe process was
running, and stopped it.
I went to the Symantec site and attempted to follow the instructions for
removal of the W32.IRCbot malicious code, but once into the registry,
the "winapii %windir%\winapii\winapii.exe" value was not in the
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
registry key. A reference to svcnxp32.exe was present, however, and that
was deleted.
Back to WinExplorer to delete the svcnxp32.exe file, without success.
Cannot even shut down that Norton RED WARNING window.
I have now gone through my entire registry deleting all references to
svcnxp32.exe, including two in a "Rule 460" registry key, but not the
entire key/folder.
Google does provide some information at this time... from Mow Green, of
course... and acting on someone else's suggestion, I did a search of my
wife's machine on our home network, and while I couldn't find the
svcnxp32.exe file anywhere, I did find two references to it in her
registry, both of which were promptly deleted.
At the time I answered Mow Green's question last week, there was no
"msmacroprotxz.exe" in my System32 folder.
On a hunch just now, I searched both my machine and my registry and
discovered that there was just such a registry value at:
HKEY_USERS\S-1-5-21-2381138938-1749521121-372829268-1007\Software\Microsoft\Search Assistant\ACMru\5603,
but that seems to be as a result of my search for
same on Google... or am I mis-reading this?
This is very frustrating, of course... and I am stumped as to how to
proceed. I can't delete the damned executable file, can't shut down the
Norton RED WARNING, and have no idea how to proceed or even what sort of
risk I am running.
HELP!
Thank you.
-- - Frankly speaking...