1 reply to this topic

[davidford365]

Hi,


I have recently been infected by two rogue web add-ons, Babylon search and General Crawler. I have cleaned most of these off the system however there are still some elements left over. I have exported parts of the registry that will interest you (Current Control Set and Internet Explorer settings for Network Service) as well as my NETSTAT log and the two recent scans that I performed on my system.


There are 8 extra services that start using SVCHOST -k netsvcs and these appear to be random names that are generated. On my system they are:


ATIBTCAP

Mvserver

Nmea

Pimsgss

RTL8169

Szserver

Tga

Wm


I have removed these manually from my system and all is OK now, but am making you aware so these can be removed automatically in the future.


Regards


David Ford

Attached Files

•  Unsafe_reg_entries.zip   472.91K   13 downloads

[Fatdcuk]

Many thanks davidford365,

I will take a look at the data shortly