Jump to content

Trojan found in memory scan and .net framework.


pejomo
 Share

Recommended Posts

Anyone else had a trojan warning found in memory with advanced memory scanner?

It relates to c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe.   Its on win 8.1 64 bit so disabled framework in "program and features" then enabled it again, but still there was warning for Framework\v2.0.50727\RegSvcs.exe.

 

Online scanners was used eset and housecall + malwarebytes and nothing was found. Still eset reports a trojan dropper in RegSvcs.exe

Link to comment
Share on other sites

  • Administrators

It looks like the malware is injected in that process. Does running a full disk scan using the signature db 9007 find the malware on the disk?

Link to comment
Share on other sites

  • ESET Insiders

Here is FileAlyzer 2.x info about that file on my disk. Maybe you can compare:

 

            filename: RegSvcs.exe
            filepath: C:\windows\Microsoft.NET\Framework\v2.0.50727\
            filesize: 32768
     timestamp[file]: 2010-11-21 03:23:56
  timestampraw[file]: 3D751AFC
           age[file]: 1080
             attribs: A+D-H-L-R-S-
             attribs: A+
             attribs: D-H-L-R-S-
            filetype: PE
               crc32: C92CDC1B
                 md5: D79F070423FDD3F01CE8C2BA3FBBC8ED
                sha1: 2F8ED26EB714B4EFBE5D7A3167E33ADE82C51FD8
         crc32[file]: C92CDC1B
           md5[file]: D79F070423FDD3F01CE8C2BA3FBBC8ED
          sha1[file]: 2F8ED26EB714B4EFBE5D7A3167E33ADE82C51FD8

 

Link to comment
Share on other sites

The RegSvcs.exe does not match the one posted here, so tested one from another fresh virtual image and its the same 

crc32, md5 and sha match. Tried eset and those online scanners available and it finds nothing.

Link to comment
Share on other sites

You can check your RegSvcs.exe with VirusTotal but this is unlikely malicious.

Log form SysInspector and/or Sysinternals Autoruns could tell more.

Link to comment
Share on other sites

  • Administrators

We still don't know what exactly was detected. Please post the complete record from your threat log here. Note that ESET didn't detect the file RegSvcs.exe but malware which is injected in this process. File with sha1 2F8ED26EB714B4EFBE5D7A3167E33ADE82C51FD8 cannot be detected because it's been whitelisted for a long time.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...