Odd service called “Drenubt”

Discussion in 'other security issues & news' started by Matt_Smi, Jun 1, 2005.

Thread Status:
Not open for further replies.
  1. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359
    I was disabling some services today and noticed an odd one called “Drenubt”. It is set to manual and there is no info provided for it, a Google search turned up nothing as well. If I got to properties its path is C:\WINDOWS\System32\regwiz.exe which to the best of my knowledge is a legit windows system file, so I am not too worried about it. But it is still somewhat odd. Anyone have it on their system or know what it is? Also what is "regwiz"?
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    One of the only reasons to be worried is if that files properties did not say Microsoft ;)

    Many worms in the past have been known to overwrite the original Windows REGWIZ.EXE file.
     
  3. Matt_Smi

    Matt_Smi Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    359

    Yeah, it does say Microsoft under file properties, but not Microsoft Corporation, which is what almost all of them seem to say. It says it was last modified September 3rd 2002 and I uploaded it to Jotti’s which found nothing, so I am pretty sure it is fine. But it is still a bit suspect in my book.
     
Loading...
Thread Status:
Not open for further replies.