Cookiegal

WinSys2.exe


I didn't get the developer mode log as I thought it might not be necessary but if needed I will get it.

C:\WINDOWS\system32\WinSys2.exe

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinSys2 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\WinSys2.exe (Trojan.Agent) -> Quarantined and deleted successfully.

http://forums.techguy.org/malware-removal-...tml#post6637593

It looks like the legit Nvidia file. These are all from the ComboFix log:

2009-03-28 01:08 . 2009-03-28 01:08 -------- d-----w c:\windows\system32\AGEIA

2009-03-28 01:08 . 2009-03-28 01:08 -------- d-----w c:\program files\AGEIA Technologies

2009-03-28 01:07 . 2009-03-28 01:07 -------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-03-28 01:07 . 2006-08-23 17:12 81314 ----a-w c:\windows\system32\nvapps.nvb

2009-03-28 01:06 . 2009-02-12 16:00 131072 ----a-r c:\windows\system32\smdll.dll

2009-03-28 01:06 . 2009-02-12 16:00 130048 ----a-r c:\windows\system32\MadCHook.dll

2009-03-28 01:06 . 2009-02-12 16:00 614400 ----a-r c:\windows\system32\msvcr80.dll

2009-03-28 01:06 . 2009-02-12 16:00 32768 ----a-r c:\windows\system32\Auxiliary.dll

2009-03-28 01:06 . 2009-02-12 16:00 208896 ----a-r c:\windows\system32\WinSys2.exe

2009-03-28 01:06 . 2009-02-13 02:26 1789952 ----a-r c:\windows\system32\msicpl.dll

2009-03-28 01:06 . 2009-02-05 16:54 453152 ----a-w c:\windows\system32\NVUNINST.EXE
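The timestamp comparison the post relies on, as an added example that is not part of the original post: it parses the ComboFix lines quoted above and lists what was created alongside WinSys2.exe and which files share both of its timestamps. It assumes the first timestamp on each line is creation time and the second is last-modified time; the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the ComboFix excerpt in the post above.
LOG = r"""
2009-03-28 01:08 . 2009-03-28 01:08 -------- d-----w c:\windows\system32\AGEIA
2009-03-28 01:08 . 2009-03-28 01:08 -------- d-----w c:\program files\AGEIA Technologies
2009-03-28 01:07 . 2009-03-28 01:07 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-28 01:07 . 2006-08-23 17:12 81314 ----a-w c:\windows\system32\nvapps.nvb
2009-03-28 01:06 . 2009-02-12 16:00 131072 ----a-r c:\windows\system32\smdll.dll
2009-03-28 01:06 . 2009-02-12 16:00 130048 ----a-r c:\windows\system32\MadCHook.dll
2009-03-28 01:06 . 2009-02-12 16:00 614400 ----a-r c:\windows\system32\msvcr80.dll
2009-03-28 01:06 . 2009-02-12 16:00 32768 ----a-r c:\windows\system32\Auxiliary.dll
2009-03-28 01:06 . 2009-02-12 16:00 208896 ----a-r c:\windows\system32\WinSys2.exe
2009-03-28 01:06 . 2009-02-13 02:26 1789952 ----a-r c:\windows\system32\msicpl.dll
2009-03-28 01:06 . 2009-02-05 16:54 453152 ----a-w c:\windows\system32\NVUNINST.EXE
"""

# Assumed layout: created . modified  size  attributes  path
LINE = re.compile(r"^(\S+ \S+) \. (\S+ \S+)\s+(\d+|-+)\s+([-\w]{7})\s+(.+)$")
FMT = "%Y-%m-%d %H:%M"

def parse(log):
    """Turn listing lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append({
                "created": datetime.strptime(created, FMT),
                "modified": datetime.strptime(modified, FMT),
                "size": int(size) if size.isdigit() else None,  # dashes = directory
                "attrs": attrs, "path": path})
    return entries

def created_near(entries, name, minutes=2):
    """Other entries created within `minutes` of the named file."""
    target = next(e for e in entries if e["path"].lower().endswith(name.lower()))
    span = timedelta(minutes=minutes)
    return [e for e in entries
            if e is not target and abs(e["created"] - target["created"]) <= span]

def same_timestamps(entries, name):
    """Paths of other entries sharing both timestamps with the named file."""
    target = next(e for e in entries if e["path"].lower().endswith(name.lower()))
    return [e["path"] for e in entries if e is not target
            and (e["created"], e["modified"]) == (target["created"], target["modified"])]
```

Calling `created_near(parse(LOG), "WinSys2.exe")` returns the other ten entries, and `same_timestamps` returns the four DLLs stamped 2009-02-12 16:00. Shared timestamps are supporting context for a false-positive report; a hash or signature check on the file itself is what confirms it.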
