Help: optix pro

Discussion in 'malware problems & news' started by tuck, Dec 2, 2003.

Thread Status:
Not open for further replies.
  1. tuck

    tuck Registered Member

    Joined:
    Dec 2, 2003
    Posts:
    2
    I just tried TDS-3 and after scanning it spits out just the following:
    Scan Control Dumped @ 20.04.39 02-12-03
    RegVal Trace: RAT.Optix Pro: HKEY_LOCAL_MACHINE
    File: Software\Microsoft\Windows\CurrentVersion\Run [System Profile=c:\windows\system32\regsrv.exe]

    I tried right-clicking and deleting that key in the registry but it does not work. I also looked @msconfig and I noticed I have that c:\windows\system32\regsrv.exe @startup; I could even delete this entry from my startup but I don't know if it's an entry to delete or not.
    Any help?
    Thanks a lot in advance
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi Tuck,

    Welcome to Wilders. :)

    That definitely does not belong in your startup.
    It is trying to fool us into believing it is a Windows file because regsvr.exe is.

    I would have guessed OptixPro from the filename alone and TDS confirming it makes it double-checked.

    After removing it from startup you should be able to remove the file. If you don't succeed, reboot into safe mode and delete it there.

    Regards,

    Pieter
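
The filename check described in the reply above can be automated. The following is an added example, not part of the original thread: it flags Run-key commands whose executable name is a near miss of a genuine Windows binary such as regsvr32.exe. The list of known binaries and every sample Run value except the `System Profile` entry reported by TDS-3 are constructed assumptions.

```python
import ntpath
import re

# Assumption: a short list of genuine Windows binaries that malware names often imitate.
KNOWN_SYSTEM_BINARIES = ["regsvr32.exe", "svchost.exe", "explorer.exe",
                         "rundll32.exe", "lsass.exe", "winlogon.exe"]
# Constructed sample data; only the "System Profile" entry comes from the thread.
SAMPLE_RUN_VALUES = {
    "System Profile": r"c:\windows\system32\regsrv.exe",
    "Shell": r"C:\WINDOWS\explorer.exe",
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
    "Updater": r'"C:\Program Files\Example\update.exe" /background',
}

def osa_distance(a, b):
    """Edit distance that counts swapping two adjacent characters as one edit."""
    d = [[i + j if 0 in (i, j) else 0 for j in range(len(b) + 1)]
         for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def stem(filename):
    """Lower-case name without extension or trailing digits (regsvr32.exe -> regsvr)."""
    name = ntpath.splitext(ntpath.basename(filename).lower())[0]
    return name.rstrip("0123456789")

def executable_of(command):
    """Extract the executable path from a Run command, quoted or not."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)', command, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else command.strip()

def lookalike_of(path, max_distance=1):
    """Return the system binary whose name this path imitates, or None."""
    base = ntpath.basename(path).lower()
    if base in KNOWN_SYSTEM_BINARIES:
        return None  # exact name; verifying its location is out of scope here
    matches = [k for k in KNOWN_SYSTEM_BINARIES
               if osa_distance(stem(base), stem(k)) <= max_distance]
    return matches[0] if matches else None

def audit_run_values(values):
    """Map each suspicious Run value name to the binary it imitates."""
    found = {n: lookalike_of(executable_of(c)) for n, c in values.items()}
    return {n: k for n, k in found.items() if k}
```

Counting a transposition as a single edit is what catches `regsrv` against `regsvr`; plain Levenshtein distance scores that pair as 2.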
     
  3. tuck

    tuck Registered Member

    Joined:
    Dec 2, 2003
    Posts:
    2
    Thanks a lot for your reply, everything's fine now :)
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Hi tuck,

    Good news indeed. :)

    Regards,

    Pieter
     