
RegEdit.exe (not the Windows program)



29-12-2001, 10:12 PM
I recently acquired from an unknown source a file called RegEdit.exe, which proceeded to insert itself into the Windows\System folder and run itself (via the registry) on startup. Once the computer was started it then proceeded to dial out and try to make contact with some external place (which my trusty firewall blocked, so every time all it really did was dial out and then nothing).

However, it also blocked all access to any programs that edited the registry, namely Windows' regedit.exe (the one in the Windows folder), RegCleaner, and msconfig. They just would not run.

I've solved the problem using the trusty safe-mode method, so that's okay.

The main reason for this post is that I want to know what it was that I got. My virus checker, fully updated today, couldn't find anything, even when I scanned the program concerned directly. Is this something new, or just some hacking tool someone managed to get me or someone else to unwittingly install (perhaps through another program downloaded...)?

Any ideas what it is?

Unfortunately I didn't write down the IP address it was trying to contact.

29-12-2001, 10:46 PM
Sounds like a trojan. Most virus scanners poorly detect trojans. Try a trojan scanner and see if it picks it up.

What port did it try to use?

Check the firewall log.
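Following the advice above (check the firewall log for the destination and port), here is an added example that is not part of the original thread: a small Python script that parses a personal-firewall log and (a) counts repeated blocked outbound attempts per process and destination, which is the "dials out, gets blocked, dials out again" pattern the first post describes, and (b) flags a process whose file name matches a known Windows binary but which lives in the wrong folder, like a RegEdit.exe sitting in Windows\System when the real one belongs in the Windows folder. The log format is an assumed generic one, the sample lines, IP addresses (from the reserved documentation ranges) and port number are constructed for the example, and the table of expected binary locations is an assumption, not a statement about any particular firewall or Windows version.

```python
"""Added example: pull the dial-out destination and a masquerading process
out of a firewall log. Not code from the thread; the log format, sample
lines, addresses and port are all constructed."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample log in an assumed generic format:
#   <date> <time> <ALLOW|BLOCK> <IN|OUT> <process path> <remote ip>:<port> <TCP|UDP>
SAMPLE_LOG_LINES = [
    r"2001-12-29 21:58:03 BLOCK OUT C:\WINDOWS\SYSTEM\RegEdit.exe 203.0.113.45:6667 TCP",
    r"2001-12-29 21:58:31 BLOCK OUT C:\WINDOWS\SYSTEM\RegEdit.exe 203.0.113.45:6667 TCP",
    r"2001-12-29 22:01:10 ALLOW OUT C:\PROGRA~1\INTERN~1\IEXPLORE.EXE 198.51.100.7:80 TCP",
    r"2001-12-29 22:03:44 BLOCK OUT C:\WINDOWS\SYSTEM\RegEdit.exe 203.0.113.45:6667 TCP",
]
SAMPLE_LOG = "\n".join(SAMPLE_LOG_LINES)

LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>ALLOW|BLOCK) (?P<dir>IN|OUT) "
    r"(?P<proc>\S+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) (?P<proto>TCP|UDP)$"
)

# Assumed location of the genuine binary (lowercase). The post says the real
# regedit.exe is "the one in the windows folder"; anything else with that name
# elsewhere is worth a second look.
KNOWN_SYSTEM_BINARIES = {
    "regedit.exe": r"c:\windows\regedit.exe",
}


def parse_log(text):
    """Turn log text into a list of dict records; reject lines we cannot read
    rather than silently skipping them, so a format change is noticed."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        m = LOG_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unrecognised log format: {line!r}")
        rec = m.groupdict()
        rec["port"] = int(rec["port"])
        records.append(rec)
    return records


def blocked_outbound(records):
    """Count blocked outbound attempts per (process, ip, port). A process that
    keeps hitting the same destination is the beaconing pattern to report."""
    counts = Counter()
    for r in records:
        if r["action"] == "BLOCK" and r["dir"] == "OUT":
            counts[(r["proc"].lower(), r["ip"], r["port"])] += 1
    return counts


def masquerading_processes(records):
    """Return process paths whose file name matches a known Windows binary
    but whose full path is not where that binary is expected to live."""
    suspicious = set()
    for r in records:
        path = PureWindowsPath(r["proc"])
        expected = KNOWN_SYSTEM_BINARIES.get(path.name.lower())
        if expected is not None and str(path).lower() != expected:
            suspicious.add(str(path))
    return sorted(suspicious)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (proc, ip, port), n in blocked_outbound(recs).most_common():
        print(f"{n}x blocked: {proc} -> {ip}:{port}")
    for proc in masquerading_processes(recs):
        print(f"suspicious location: {proc}")
```

Run against a real log you would first adjust LOG_RE to that firewall's line format; the point is that the destination IP and port the original poster wished he had written down are recoverable from the blocked-connection entries, and the process path on the same lines is enough to spot a system-binary name in an unexpected folder.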

30-12-2001, 12:19 AM
Hi Mike

I've seen you about a bit, so I'll assume you have more than one machine on your home network.
Have you considered a network traffic monitor/tracker programme, the ones like (dare I say it) hackers use? The one I got records network traffic that the receiving machine either filters out, won't show, or is denied access to. I won't mention any names, but to give you an idea (if you look in the places) I can make sense of any data sent to any machine over a network, who to and where from, regardless of access rights and/or filtering.

Worrying, isn't it?

==Orac==

31-12-2001, 02:02 AM
Perhaps it was worrying 20 years ago when it was new. Switched networks and VPN/encryption technologies are appropriate nowadays.