Jump to content

termsrv.dll Detected as Trojan


Recommended Posts

Hi,

Hi,

I'm not sure if this is the right forum but i'm not sure if the files i'm reporting here are actually false positives.

I just ran a scan today and malwarebytes detected 3 infected files on my computer. a file called termsrv.dll was detected to be a trojan downloaded, i searched the net and found that none of the sites have sufficient info on this file

Here's the log file:

Malwarebytes' Anti-Malware 1.44

Database version: 3865

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

3/15/2010 12:00:56 AM

mbam-log-2010-03-15 (00-00-53).txt

Scan type: Full Scan (C:\|D:\|E:\|)

Objects scanned: 324627

Time elapsed: 43 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\system32\termsrv.dll (Trojan.Downloader) -> No action taken.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\termservice (Trojan.Downloader) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\termsrv.dll (Trojan.Downloader) -> No action taken.

False positives have caused my computer to crash before and i'm not sure if i should just delete these files since it might cause my computer to repeatedly crash again.

Has anyone gotten the same results with their scans?

Any input on this would be greatly appreciated.

Link to post
Share on other sites

Hi,

I just ran a scan today and malwarebytes detected 3 infected files on my computer. a file called termsrv.dll was detected to be a trojan downloaded, i searched the net and found that none of the sites have sufficient info on this file

Here's the log file:

Malwarebytes' Anti-Malware 1.44

Database version: 3865

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

3/15/2010 12:00:56 AM

mbam-log-2010-03-15 (00-00-53).txt

Scan type: Full Scan (C:\|D:\|E:\|)

Objects scanned: 324627

Time elapsed: 43 minute(s), 53 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\system32\termsrv.dll (Trojan.Downloader) -> No action taken.

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\termservice (Trojan.Downloader) -> No action taken.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\termsrv.dll (Trojan.Downloader) -> No action taken.

False positives have caused my computer to crash before and i'm not sure if i should just delete these files since it might cause my computer to repeatedly crash again.

Has anyone gotten the same results with their scans?

Any input on this would be greatly appreciated.

Link to post
Share on other sites

sorry i didn't run mbam.exe/developer the first time so i had to run it then re-scan the whole thing

Here's the resulting log file and i also attached the .rar file of the log to the post

Malwarebytes' Anti-Malware 1.44

Database version: 3867

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

3/15/2010 2:37:05 AM

mbam-log-2010-03-15 (02-37-00).txt

Scan type: Full Scan (C:\|D:\|E:\|)

Objects scanned: 324749

Time elapsed: 31 minute(s), 33 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\WINDOWS\system32\termsrv.dll (Trojan.Downloader) -> No action taken. [5B2C34AC11E01536D68F2EA461EFCAFE]

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\termservice (Trojan.Downloader) -> No action taken. [5B2C34AC11E01536D68F2EA461EFCAFE]

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\termsrv.dll (Trojan.Downloader) -> No action taken. [5B2C34AC11E01536D68F2EA461EFCAFE]

I haven't deleted the files yet as it might cause trouble with my computer.

mbam_log_2010_03_15__02_37_00_.rar

Link to post
Share on other sites

There are a few infections replacing this file with modified or beta versions and it looks like this is what happened here .

Attached to this post is the correct version of that file . Your 2 options are to replace your copy with the one attached to this post or to install SP3 . I strongly recommend installing SP3 .

termsrv.zip

Link to post
Share on other sites
There are a few infections replacing this file with modified or beta versions and it looks like this is what happened here .

Attached to this post is the correct version of that file . Your 2 options are to replace your copy with the one attached to this post or to install SP3 . I strongly recommend installing SP3 .

Is that .dll file safe to delete without causing problems for the computer? can't seem to find out what it's actually for.

Link to post
Share on other sites
  • 1 month later...

That was a hack to allow multiple logons in win xp, like in windows server. Are you saying this malwarebytes is just reporting the fact that the file is not the original file and that a hack has been applied?

Or are you saying that the file actually does more than simply allow multiple logons, and downloads more malicious stuff?

Will the file you attached allow multiple simultaneous logins?

Link to post
Share on other sites
  • 2 weeks later...
There are a few infections replacing this file with modified or beta versions and it looks like this is what happened here .

Attached to this post is the correct version of that file . Your 2 options are to replace your copy with the one attached to this post or to install SP3 . I strongly recommend installing SP3 .

Hi there. I'm am having the same problem with my anti malware detecting the termsrv.dll as an infected file... how could i check to see if that file has been hacked or modified. my computer seem to freeze and i think it might be because of the infected termsrv.dll file. Can some one please help. Thanks

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.