Hi all,
this is my first post so I hope I have comprehended and obeyed all the protocols.
bleeping computer seems to be an excellent resource and I am already much appreciative of all the time and effort that is obviously put into it by its creators, moderators and memebers.
I am in the process (following the instructions in Tutotial 101) of trying to eliminate malware (trojan(s) that keeps loading the malware files mssearchnet.exe, nvctrl.exe, possibly others).
I have come across a start up file under the Autoruns Services tab, as follows:
Filename: regsrvc.exe
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegSrvc
Command: [not sure what this means]
File Location: C:\Program Files\Intel\Wireless\Bin\
Description: Intel PROSet/Wireless Registry Service. Registry interface for Intel Wireless products. Publisher not verified.
There is a file of the same name, but different location in the Startups Database (http://www.bleepingcomputer.com/startups/regsrvc.exe-8927.html) which is "Added by the Troj/Stoped-A trojan. It will create an IE plug-in and opens IE's "about blank" page to run an executable file." and resides in C:\Windows\System32 (as I run Windows XP).
Is the file I have listed a genuine Intel file or a malware executable masquerading as one?
Thanks, ncork