i ran my scan and i got these two alarms but im not sure if i can delete them?? Scan Control Dumped @ 21:03:11 04-09-03 RegVal Trace: RAT.Imiserv: HKEY_LOCAL_MACHINE File: Software\Microsoft\Windows\CurrentVersion\Run [Win Server=C:\WINDOWS\winserv.exe] RegVal Trace: RAT.Imiserv: HKEY_LOCAL_MACHINE File: Software\Microsoft\Windows\CurrentVersion\Run [Win Server Updt=C:\WINDOWS\wupdt.exe] any and all help is appreciated.Thanks...
Hi TOONEW and welcome yes you should delete those registry entries but you should search for the files as well. Have a look here: http://www.sophos.com/virusinfo/analyses/trojimiserv.html After you have done this restart your system and scan again to look if they have really gone. Dolf
Hi TOONEW and welcome! And if you're on XP or ME you should make a new restore point so they don't come back either.
Welcome Toonew, If you can tell us a a little more about your system, OS, security software etc. there may be other recommendations that can help you secure your system.
If you still have the files wupdt.exe and winserv.exe email them to gavin@diamondcs.com.au for confirmation You should delete the registry entries immediately and reboot, if they are still there then make sure the EXE files are not running - In TDS, go to System Analysis, Process List and find wupdt.exe or winserv.exe, right click, choose Kill Process Then from the same menu, choose Autostart Explorer, ensure the 2 registry keys you noted are gone Reboot, trojan essentially dead as it cant start itself Delete the files if detected in a file scan, please send them in for confirmation - or in case they are a new variant !