Scanregw.exe ?



#1 obfuscate

Posted 21 September 2007 - 04:24 PM

Is scanregw.exe good or bad?
I am getting mixed messages when I try to research.

I opened an email from a friend and downloaded it. (Later it turns out she didn't send it, but someone hacked into her account and sent it to everyone on her contacts list.) But before knowing this I thought it was legit, so I ran it. I scanned it first with some antivirus and it said it was fine. When I ran it, it had German popups and then didn't do anything after it ran, and I then knew it was bad.

Microsoft's website however has scanregw.exe as just some registry scanner?

Is this malware or not?!?

I renamed it and now I get small windows that pop up on my comp that say "I/O error." I didn't get these when I had left it alone before renaming it.
If it's not malware then why was it sent?

Please help, thank you.


#2 rookie147

Posted 22 September 2007 - 12:09 PM

Please visit the online Jotti Virus Scanner.
Click on the Browse button.
Enter the path to the file in the box.
Click on the Open button.
The scanner will check the file with various AV companies.
Copy and paste the results box into a reply to this thread.

Edited by rookie147, 22 September 2007 - 12:10 PM.



#3 obfuscate

Posted 23 September 2007 - 03:33 PM

Thank you for that site!

It is malware.

File: scanregw.exe
Status: INFECTED/MALWARE
MD5: 04f02b6863d174439234e8b1f4c5dc02
Packers detected: -
Bit9 reports: File not found

Scanner results
Scan taken on 23 Sep 2007 20:24:02 (GMT)

A-Squared: Found nothing
AntiVir: Found HEUR/Malware
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found BehavesLike:Trojan.ShellStartup (probable variant)
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found DLOADER.Trojan (probable variant)
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found nothing
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing


Is there anything out there that specifically gets rid of scanregw.exe?
I have it blocked from accessing my internet and renamed and took it out of the file it was in (don't remember, sorry), but I'd prefer to have it completely gone from my comp. I wasn't able to delete it.

Thank you

#4 buddy215

Posted 23 September 2007 - 05:27 PM

Since Bit Defender identified the malware you could give the Bit Defender online scan a shot at removing it. Run a scan with Super Antispyware, too.

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This Log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post a log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Edited by buddy215, 23 September 2007 - 05:28 PM.
