
Trojan found in memory scan and .net framework.



Anyone else had a trojan warning found in memory with advanced memory scanner?

It relates to c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe. It's on Win 8.1 64-bit, so I disabled the framework in "program and features" then enabled it again, but there was still a warning for Framework\v2.0.50727\RegSvcs.exe.

 

Online scanners were used (ESET and HouseCall, plus Malwarebytes) and nothing was found. Still, ESET reports a trojan dropper in RegSvcs.exe.

  • ESET Insiders

Here is FileAlyzer 2.x info about that file on my disk. Maybe you can compare:

 

            filename: RegSvcs.exe
            filepath: C:\windows\Microsoft.NET\Framework\v2.0.50727\
            filesize: 32768
     timestamp[file]: 2010-11-21 03:23:56
  timestampraw[file]: 3D751AFC
           age[file]: 1080
             attribs: A+D-H-L-R-S-
             attribs: A+
             attribs: D-H-L-R-S-
            filetype: PE
               crc32: C92CDC1B
                 md5: D79F070423FDD3F01CE8C2BA3FBBC8ED
                sha1: 2F8ED26EB714B4EFBE5D7A3167E33ADE82C51FD8
         crc32[file]: C92CDC1B
           md5[file]: D79F070423FDD3F01CE8C2BA3FBBC8ED
          sha1[file]: 2F8ED26EB714B4EFBE5D7A3167E33ADE82C51FD8

 


The RegSvcs.exe does not match the one posted here, so I tested one from another fresh virtual image and it's the same crc32, md5 and sha match. Tried ESET and those online scanners available and it finds nothing.

  • Administrators

We still don't know what exactly was detected. Please post the complete record from your threat log here. Note that ESET didn't detect the file RegSvcs.exe but malware which is injected in this process. File with sha1 2F8ED26EB714B4EFBE5D7A3167E33ADE82C51FD8 cannot be detected because it's been whitelisted for a long time.

This topic is now closed to further replies.
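
The comparison the posters did by hand, as an added example that is not part of the original thread: it parses the FileAlyzer fields posted above and checks a local copy of the file against them. The function names are assumptions made for this sketch. A match only vouches for the file on disk; as the administrator's reply notes, the detection concerned code injected into the running process, which a file hash cannot show.

```python
import hashlib
import re
import sys
import zlib

# Fields copied from the FileAlyzer report posted in the thread.
REPORT = """\
            filename: RegSvcs.exe
            filesize: 32768
               crc32: C92CDC1B
                 md5: D79F070423FDD3F01CE8C2BA3FBBC8ED
                sha1: 2F8ED26EB714B4EFBE5D7A3167E33ADE82C51FD8
"""
# Path as given in the thread; override it on the command line.
DEFAULT_PATH = r"C:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe"

def parse_report(text):
    """Parse 'key: value' lines; the first occurrence of a key wins."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w\[\]]+)\s*:\s*(.*\S)", line)
        if m:
            fields.setdefault(m.group(1).lower(), m.group(2))
    return fields

def fingerprint(data):
    """Compute the size, CRC32, MD5 and SHA-1 fields the report lists."""
    return {
        "filesize": str(len(data)),
        "crc32": f"{zlib.crc32(data) & 0xFFFFFFFF:08X}",
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
    }

def compare(report_fields, data):
    """Return (field, expected, actual) for every field that differs."""
    return [(k, report_fields[k], v) for k, v in fingerprint(data).items()
            if k in report_fields and report_fields[k].upper() != v]

def main(argv):
    path = argv[1] if len(argv) > 1 else DEFAULT_PATH
    with open(path, "rb") as fh:
        diffs = compare(parse_report(REPORT), fh.read())
    for field, expected, actual in diffs:
        print(f"MISMATCH {field}: report={expected} file={actual}")
    print("file differs" if diffs else "on-disk file matches the report")
    return 1 if diffs else 0

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```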