is this Trojan or Spyware ?

Status
Not open for further replies.
F

freyasprit

hello every one

i seen strange Popup Windows

and i search the problem

finally i find 2 Strange Service at control panel -> service

AND DELETE The Registry

* Distributed Console Manager

* Network XmlProvider Service

(Explanation is Chinease Language)

but i didn't Delete below Registery Contents


"I don't know it is Trojan or spyware

plz answer me"


===

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services


Distributed Console Manager

C:\WINDOWS\System32\svchost.exe -k netsvcs


Network XmlProvider Service

C:\WINDOWS\System32\svchost.exe -k xmlprovider

---

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TEMPLATES\0000

LEGACY_TEMPLATES Default REG_SZ

NextInstance 0x00000001(1)


0000 Default REG_SZ

Class REG_SZ LegacyDriver

ClassGUID REG_SZ {8ECC055D-047F-11D1-A537-0000F8753ED1}

ConfigFlags REG_DWORD 0x000000000(0)

DeviceDesc REG_SZ Distributed Console Manager

Legacy REG_DWORD 0x00000001(1)

service REG_SZ Templates



HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_TEMPLATES\0000

LEGACY_TEMPLATES Default REG_SZ

NextInstance 0x00000001(1)


0000 Default REG_SZ

Class REG_SZ LegacyDriver

ClassGUID REG_SZ {8ECC055D-047F-11D1-A537-0000F8753ED1}

ConfigFlags REG_DWORD 0x000000000(0)

DeviceDesc REG_SZ Distributed Console Manager

Legacy REG_DWORD 0x00000001(1)

service REG_SZ Templates



HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Enum\Root\LEGACY_TEMPLATES\0000

LEGACY_TEMPLATES Default REG_SZ

NextInstance 0x00000001(1)


0000 Default REG_SZ

Class REG_SZ LegacyDriver

ClassGUID REG_SZ {8ECC055D-047F-11D1-A537-0000F8753ED1}

ConfigFlags REG_DWORD 0x000000000(0)

DeviceDesc REG_SZ Distributed Console Manager

Legacy REG_DWORD 0x00000001(1)

service REG_SZ Templates

---

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\XMLPROVIDER\0000

LEGACY_TEMPLATES Default REG_SZ

NextInstance 0x00000001(1)


0000 Default REG_SZ

Class REG_SZ LegacyDriver

ClassGUID REG_SZ {8ECC055D-047F-11D1-A537-0000F8753ED1}

ConfigFlags REG_DWORD 0x000000000(0)

DeviceDesc REG_SZ Network XmlProvider Service

Legacy REG_DWORD 0x00000001(1)

service REG_SZ xmlprovider


HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\XMLPROVIDER\0000

LEGACY_TEMPLATES Default REG_SZ

NextInstance 0x00000001(1)


0000 Default REG_SZ

Class REG_SZ LegacyDriver

ClassGUID REG_SZ {8ECC055D-047F-11D1-A537-0000F8753ED1}

ConfigFlags REG_DWORD 0x000000000(0)

DeviceDesc REG_SZ Network XmlProvider Service

Legacy REG_DWORD 0x00000001(1)

service REG_SZ xmlprovider


HKEY_LOCAL_MACHINE\SYSTEM\ControlSet\Enum\Root\XMLPROVIDER\0000

LEGACY_TEMPLATES Default REG_SZ

NextInstance 0x00000001(1)


0000 Default REG_SZ

Class REG_SZ LegacyDriver

ClassGUID REG_SZ {8ECC055D-047F-11D1-A537-0000F8753ED1}

ConfigFlags REG_DWORD 0x000000000(0)

DeviceDesc REG_SZ Network XmlProvider Service

Legacy REG_DWORD 0x00000001(1)

service REG_SZ xmlprovider
 
Hello and welcome to Techspot.

Those two services are not nasty as far as I`m aware. I hope you backed up your registry before making the changes.

Just Google k netsvcs and k xmlprovider.

I suggest you restart the services.

Then, go and read this thread HERE. Post a renamed HJT log as an attachment and I`ll take a look for you.

Regards Howard :wave: :wave:

This thread is for the use of freyasprit only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Status
Not open for further replies.

Similar threads

M
Solved Infection with DOS/Rovnix.gen!A
2
Replies
28
Views
7K
Broni
Broni
brutus
  • Locked
Inactive Multiple iexplore.exe even though not running IE
Replies
1
Views
3K
Superdave1941
S
E
Solved That fake "Chrome" browser.exe infection
2
Replies
49
Views
74K
Broni
Broni

Latest posts

Back