Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

MsSvc32.exe 1

Status
Not open for further replies.
yogi123

yogi123

Technical User
May 20, 2003
31
GB
can anyone tell me what this is and is it ok to disable it
 
Sort by date Sort by votes
I believe this may help:


---- exert from this page ----

W32/Agobot-ME is an IRC backdoor Trojan and network worm.
W32/Agobot-ME is capable of spreading to computers on the local network protected by weak passwords.
When first run W32/Agobot-ME moves itself to the Windows system folder as mssvc32.exe and creates the following registry entries to run itself on system logon:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
mssvc32 = mssvc32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
mssvc32 = mssvc32.exe
On NT-based versions of Windows the worm creates a new service named "mssvc32" with the startup property set to automatic, so that the service starts automatically each time Windows is started.
Each time W32/Agobot-ME is run it attempts to connect to a remote IRC server and join a specific channel. The worm then runs continuously in the background, allowing a remote intruder to access and control the computer via IRC channels.
W32/Agobot-ME attempts to terminate and disable various anti-virus and security related programs.
W32/Agobot-ME attempts to restrict access to several anti-virus and security related websites by appending the following to the HOSTS file:
127.0.0.1 127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 127.0.0.1 sophos.com
127.0.0.1 127.0.0.1 mcafee.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 127.0.0.1 viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 f-secure.com
127.0.0.1 127.0.0.1 kaspersky.com
127.0.0.1 127.0.0.1 127.0.0.1 avp.com
127.0.0.1 127.0.0.1 networkassociates.com
127.0.0.1 127.0.0.1 ca.com
127.0.0.1 mast.mcafee.com
127.0.0.1 my-etrust.com
127.0.0.1 127.0.0.1 download.mcafee.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 secure.nai.com
127.0.0.1 nai.com
127.0.0.1 127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 rads.mcafee.com
127.0.0.1 trendmicro.com
127.0.0.1
---- END ----

------------------------
Hit any User to continue
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Rick_
  • Locked
  • Question
Reliance Automax Exec V3 software
Replies
6
Views
829
Andrzejek
Andrzejek
Mike Lewis
  • Locked
  • Question
Using TASKKILL to close a bunch of EXEs
Replies
7
Views
1K
mikrom
mikrom
CDIV
  • Locked
  • Question
.EXE is not a valid Win32 Application 6
Replies
10
Views
606
spamjim
spamjim
AbidingDude
  • Locked
  • Question
Cannot Execute After Adding to PATH
Replies
2
Views
222
AbidingDude
AbidingDude
Glenn9999
  • Locked
  • Question
Shortcut with EXE path > 64 chars 1
Replies
6
Views
272
Glenn9999
Glenn9999

Part and Inventory Search

Sponsor

Back
Top