StinkyFeet
IS-IT--Management
Anyone seen a process running called windnsd.exe? It is registered as Windows DNS Daemon and seems to be showing up on only our Win2k machines that got missed by our SUS server and are in need of updates. Once I update them and remove the registry entries this never comes back. On a machine I removed the registry entries and didn't update it came back before I could even log in. Symptoms included cast amounts of spyware getting installed and the system hangs on log in unless you kill one of the two processes it creates. I noticed there is a Microsoft DNS process running on one or two of the affected machines, and figure Windows does not usually use the term 'Daemon' when referring to a service or proces, so I am pretty sure that windnsd.exe is not a process that is part of Windows.
I figure this is a virus whether it be new or a different version of an existing one, but I cannot find any reference to it at any of the major antivirus companies. I google it and only see it on a few sites in peoples hijackthis logs and no one there seems to indicate that anyone should remove it. So I am just curious if anyone has seen this before and if I am ok in removing it from the registry.
Thanks for your input. :^)
-Frank
I figure this is a virus whether it be new or a different version of an existing one, but I cannot find any reference to it at any of the major antivirus companies. I google it and only see it on a few sites in peoples hijackthis logs and no one there seems to indicate that anyone should remove it. So I am just curious if anyone has seen this before and if I am ok in removing it from the registry.
Thanks for your input. :^)
-Frank
