
new problem, winscv.exe, a virus?

2052 Views 3 Replies 2 Participants Last post by  dvk01
Hello

I have a computer in our lab that has a virus (at least that's what our school's security team tells us). It is now unplugged, making getting the HijackThis log from it tough.

I ran HJT on it and another computer similar to it, and the only real difference was a process called winscv.exe. It was using up 100% of the CPU. I stopped the process, and the computer seems healthy, but the winscv.exe is in windows/system32/ and does not look like the last virus I removed (I can't find any other files).

The regkey only has it as a process to start and no hidden files.

My questions are: is this a virus? Where are the rest of the files?

cheers
alvar

P.S. Oh, I was able to get the HJT file...

Logfile of HijackThis v1.97.7
Scan saved at 3:31:26 PM, on 3/22/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\winscv.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\UWCDS\uwcdsvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NavNT\vpc32.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\regedit.exe
C:\Documents and Settings\William\Desktop\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Windows Networking] winscv.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Cyber-Defender 2003] C:\Program Files\UWCDS\uwcdsvr.exe
O4 - HKLM\..\RunServices: [Windows Networking] winscv.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38037.5251736111
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Status
Not open for further replies.
1 - 2 of 4 Posts
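The comparison described in the first post (one machine's HijackThis log against the log of a similar, healthy machine) can be scripted. This is an added example, not part of the thread: the suspect excerpt is copied from the log above, the baseline log is constructed, and `parse_hjt` and `diff_logs` are hypothetical helper names.

```python
import re

# Suspect excerpt: lines copied from the HijackThis log in the post above.
SUSPECT = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\winscv.exe
C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [Windows Networking] winscv.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\RunServices: [Windows Networking] winscv.exe
"""

# Baseline: constructed for this example, standing in for the similar lab machine.
BASELINE = r"""Running processes:
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\NavNT\vptray.exe

O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
"""

ENTRY = re.compile(r"^(O\d+) - (.+)$")  # e.g. "O4 - HKLM\..\Run: [name] value"

def parse_hjt(text):
    """Return (running process paths, (section, detail) entries), lower-cased."""
    procs, entries, in_procs = set(), set(), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if line.lower().startswith("running processes"):
            in_procs = True
        elif m:
            in_procs = False  # the O-sections follow the process list
            entries.add((m.group(1), m.group(2).lower()))
        elif in_procs and line:
            procs.add(line.lower())  # Windows paths are case-insensitive
    return procs, entries

def diff_logs(suspect, baseline):
    """Items present on the suspect machine but absent from the baseline."""
    s_procs, s_entries = parse_hjt(suspect)
    b_procs, b_entries = parse_hjt(baseline)
    return sorted(s_procs - b_procs), sorted(s_entries - b_entries)

if __name__ == "__main__":
    new_procs, new_entries = diff_logs(SUSPECT, BASELINE)
    print("processes only on suspect:", new_procs)
    print("entries only on suspect:", new_entries)
```

Lower-casing before the comparison keeps `system32` versus `System32` from showing up as a difference; only the `winscv.exe` process and its two autostart entries remain.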
Derek
Thanks for coming to the rescue. I renamed the virus from winsvc.exe to virus_exe and will email it to you as you suggested.

Cheers
alvar