Svrinfo.exe keeps appearing in runonce

[danno74]

I have a user whose PC has had a few issues of late. I have ZoneAlarm on my PC to keep tabs on network traffic. Have been getting NetBios requests from this PC and 3 others. I then get an email from him that has a ascreen shot of a SAV window stating that "trojan.killfiles" has been deleted.

I do a scan and delete the 2 founs files and scan the registry and get rid of what I find. I then fins a updtr.exe file, a know virus. I get rid of that and it's registry entry. I then notice an entry in Software-MS-Windows-CurrentVersion-Runonce for *svrinfo.exe, with the path being c:\winnt\tasks\svrinfo.exe rerun. I delete it and it gets put back in about 1 minute. It will show up under task manager and I will end the process and it will show up in about the same time.

I just went back over after a period of 10 minutes, and the reg entry came back, but the process has not. I cannot find "svrinfo.exe" on the PC. There was another virus found I didn't mention, "vpc32.exe", WORM_AGOBOT.XM. I got rid of it I believe.

Any ideas? Thanks!

 

[szander]

You sure it is not srvinfo.exe? The server info tool from the resource kit?

 

[diogenes10]

Try an online virus scan from someone like trendmicro or pandasoft.

You can try the free trojan scanner from a2.

If the problems persist, use hijackthis or bazooka to get an overall picture of running processes and start removing the problems manually.



-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?

 

[danno74]

Yeah, I am sure that it's not the srvinfo.exe. I go to search Goggle for it and it asks me the same thing.

I'll try the spyware removal and anti-virus tools to see what I find.