
Infected with Regsvcs.exe Malware/Keylogger

  • This topic is locked
2 replies to this topic

#1 Gizmo7


  • Members
  • 2 posts
  • Local time:08:34 PM

Posted 28 July 2017 - 02:39 PM

I managed to get this Malware that reappears after every restart after being "removed". Need some help on fully removing it. I've attached the two requested log files; they were too large to paste.


Location of the file is C:\Users\[user]\RegSvcs.exe

Keylog file is under: C:\Users\[user]\AppData\Roaming\dclogs

Edited by Gizmo7, 28 July 2017 - 06:15 PM.



#2 Gizmo7

  • Topic Starter

  • Members
  • 2 posts
  • Local time:08:34 PM

Posted 28 July 2017 - 06:12 PM

I've since fixed this. There was a hidden folder named "wmzf" with a VSR file "huqdsko.vsr" and another file I forget the name of. It was a hidden directory, but showing hidden files wasn't enough; you also have to show hidden operating system files. Deleting this hidden directory, the log directory, and then restarting seemed to remove it completely.


So to summarize, if someone else encounters this exact issue:


  1. Go into File Explorer Options and show hidden folders; also, a bit below that, uncheck "Hide protected operating system files"
  2. Go to C:\Users\[yourusername]\
  3. Delete the "wmzf" folder, and delete RegSvcs.exe
  4. Go to C:\Users\[yourusername]\appdata\Roaming\dclogs
  5. Delete the dclogs folder
  6. Run Malwarebytes (it found 1 registry entry of DC3_XXXXXXXXX)
  7. Restart


After I did these steps my PC was no longer logging every action into the C:\Users\[yourusername]\appdata\Roaming\dclogs folder.


Good luck to anyone else, you can lock this thread now.

Edited by Gizmo7, 28 July 2017 - 06:14 PM.
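
The artifacts listed in the post above, as a read-only PowerShell check (an added example, not part of the original thread). It assumes profiles live under C:\Users; the function names and the HKCU:\Software lookup are assumptions, since the post does not say where the DC3_ entry was stored.

```powershell
# Added example: read-only check for the artifacts named in the post above.
# Paths are relative to each user profile, as the post gives them.
$artifacts = @(
    @{ Path = 'RegSvcs.exe';            Kind = 'Leaf'      },  # copy in the profile root
    @{ Path = 'wmzf';                   Kind = 'Container' },  # hidden + system folder
    @{ Path = 'AppData\Roaming\dclogs'; Kind = 'Container' }   # keylog output folder
)

function Find-ProfileArtifacts {
    param([string]$UsersRoot = 'C:\Users')   # assumption: default profile root

    # -Force makes the provider return items carrying the Hidden and System
    # attributes, the same items Explorer hides until "Hide protected
    # operating system files" is unchecked.
    $profiles = Get-ChildItem -LiteralPath $UsersRoot -Directory -Force -ErrorAction SilentlyContinue
    foreach ($userDir in $profiles) {
        foreach ($a in $artifacts) {
            $full = Join-Path $userDir.FullName $a.Path
            if (-not (Test-Path -LiteralPath $full -PathType $a.Kind -ErrorAction SilentlyContinue)) { continue }

            $item = Get-Item -LiteralPath $full -Force -ErrorAction SilentlyContinue
            if (-not $item) { continue }

            # Hash files only, so the sample can be identified before it is deleted.
            $hash = $null
            if ($a.Kind -eq 'Leaf') {
                $hash = (Get-FileHash -LiteralPath $full -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            }
            [pscustomobject]@{
                Profile    = $userDir.Name
                Path       = $full
                Attributes = $item.Attributes
                LastWrite  = $item.LastWriteTime
                SHA256     = $hash
            }
        }
    }
}

function Find-Dc3RegistryNames {
    # Assumption: only key names directly under the current user's Software
    # hive are inspected; the post gives the DC3_ prefix but not the location.
    Get-ChildItem -LiteralPath 'HKCU:\Software' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like 'DC3_*' } |
        Select-Object -ExpandProperty Name
}

Find-ProfileArtifacts | Format-List
Find-Dc3RegistryNames
```

Running it again after the restart in step 7 shows whether any of the items came back. Reading other users' profiles requires an elevated session.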

#3 JSntgRvr


    Master Surgeon General

  • Malware Response Team
  • 11,761 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:08:34 PM

Posted 28 July 2017 - 07:59 PM

Thanks for the feedback.

No request for help through private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
