I have noticed that for the past week there have been problems with my PC, such as very slow speeds and a process called regsrv.exe running high CPU resources in my Task Manager. Anyway, it has been running past Avast Free Antivirus with no worries, but PC Tools ThreatFire has recently been removing processes like IEXPLORER.EXE and SERVICES.EXE, stating that they are tampering with other files on my PC. Every time I boot my computer the same reports come up from ThreatFire and I quarantine both objects. Avast has been quiet through all this mayhem, but I am starting to wonder if this regsrv.exe process is infected. Please help me :-\
I have located the regsrv.exe and have it zipped up in a compressed folder, but it is still also running on my PC.
[*] If it gives you a warning about rootkit activity and asks if you want to run a full scan…click on NO, then use the following settings for a more complete scan…
[*] In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED …
[] IAT/EAT
[] Drives/Partition other than Systemdrive (typically C:)
[*] Show All (don’t miss this one)
[*] Then click the Scan button & wait for it to finish.
[*] Once done click on the [Save…] button, and in the File name area, type in “ark.txt”
[*] Save the log where you can easily find it, such as your desktop.
Caution: Rootkit scans often produce false positives. Do NOT take any action on any “<— ROOTKIT” entries.
Please copy and paste the report into your Post.
[] Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[] Under the Custom Scan box paste this in
I am sorry, but I have attempted to download the OTL scan several times and something keeps cutting out the download. This happened when I attempted to download BlackLight rootkit scanner, HijackThis, Sophos, and Panda rootkit scanner, plus several other virus scanners.
Well, download those from a clean computer and put them on a USB stick/CD or whatever. If they don’t run even after that, rename them to something like 5476834.EXE or .COM even.
We understand your problem. You don’t have to download all those BlackLight scanners, Sophos scanner etc… Essexboy is a trained malware expert. He will help you remove the infection. Just do as he says and make sure you obey him… at least until infections are removed. ;D