
Autoruns Startup Entry "regsrvc.exe"



#1 ncork

Posted 08 April 2006 - 11:08 AM

Hi all,

This is my first post, so I hope I have comprehended and obeyed all the protocols.
Bleeping Computer seems to be an excellent resource and I am already much appreciative of all the time and effort that is obviously put into it by its creators, moderators and members.

I am in the process (following the instructions in Tutorial 101) of trying to eliminate malware (trojan(s) that keep loading the malware files mssearchnet.exe, nvctrl.exe, possibly others).

I have come across a start up file under the Autoruns Services tab, as follows:

Filename: regsrvc.exe
Registry Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RegSrvc
Command: [not sure what this means]
File Location: C:\Program Files\Intel\Wireless\Bin\
Description: Intel PROSet/Wireless Registry Service. Registry interface for Intel Wireless products. Publisher not verified.

There is a file of the same name, but different location in the Startups Database (http://www.bleepingcomputer.com/startups/regsrvc.exe-8927.html) which is "Added by the Troj/Stoped-A trojan. It will create an IE plug-in and opens IE's "about blank" page to run an executable file." and resides in C:\Windows\System32 (as I run Windows XP).

Is the file I have listed a genuine Intel file or a malware executable masquerading as one?

Thanks, ncork

Edited by ncork, 08 April 2006 - 11:15 AM.



#2 Grinler

    Lawrence Abrams



Posted 12 April 2006 - 09:34 AM

Your file is legit and can be left alone.



