
unidentified program loads with windows


Om

Senior member
I have a program that loads with Windows 98SE that I can't find any info about, it's called regsvd.exe. Can't find reference to it at the MS Knowledge Base, not in msconfig, and not even searching my registry?!
I did find this on Google.com (nowhere else on the net) but have no idea what it is?? ¡ó Super Visual Disk for OS/2µÄCracker and then what looks like machine code, it's here

http://www.dlut.edu.cn/~hbwork/Hacker/4/78.html

Don't think it's a trojan or virus, all my scanners are up to date and don't show it as anything.
I believe it's causing my system to lock up a lot because when I close it using control-alt-del things are fine. I did find the program in Windows/System, and I've put it in its own folder so now when I boot up Windows tells me it can't find it, which is fine with me, but still wonder what it is and how to get rid of Windows looking for it on boot?
 
Don't know what it is, but it sounds evil.

Launch "msconfig" and see if you can find it there. Make sure you kill it first before doing it because it may put it back when you reboot. Of course, the startup program group is clean, right?
 
It does sound evil, but it's weird there's no info on it, and as I said I can't find it in msconfig.
 
Can you zip it up and email it to me, I'll have the Symantec Response group take a look at it (email is in my profile).
Bill
 
Sure, but like I said Norton doesn't say anything about it with the latest update, but I'll send it right off for you, thanks.
 
Oops, sorry *slaps eyes*

Maybe something else is launching it when it is run (i.e. it's launched from another program)?

1. Check the win.ini and system.ini
2. Click Start/Find and search for files containing the text "regsvd" <---that's inside the files, not the filename.
3. Do #2 for filename.
4. Search registry for "regsvd"

It's in there somewhere. No such thing as magic... 😀
 
> 1. Check the win.ini and system.ini
> 2. Click Start/Find and search for files containing the text "regsvd" <---that's inside the files, not the filename.
> 3. Do #2 for filename.
> 4. Search registry for "regsvd"

Tried all that before I posted, that's why I think this is so odd, I can't find any reference to it other than the actual .exe in system file itself. I don't know if something else is launching it, I know Windows is told to run it from somewhere I just have no idea where? Maybe not magic but sure is hidden well. 🙂
 
An update, replication and analysis didn't show anything malicious. This appears to be an IRC bot program, see the IrOffer website. Does that ring any bells to you?
Bill
 
Isn't there a 3rd party program that you can install that will list all programs that are launching on startup, regardless of where they launch from?

 
Thanks, I went ahead and submitted to Symantec also and just got the same response.
Never seen iroffer before? Why do you think it's that? I did a search for iroffer on my system and found nothing. Don't know how that was loaded on my system if that's it. At least it's not malicious. Now that I know I can do a fresh install of Windows which I was planning on anyway, but wanted to know what this was before I did it. Thanks a lot for your help on this.
 
> Thanks, I went ahead and submitted to Symantec also and just got the same response.

I would be quite upset if you didn't get the same response 😉 (I work there).

> Never seen iroffer before? Why do you think it's that?

Just looking through the strings encoded in the binary. It's a gcwin application and there are references to the iroffer web site. Most of the data makes it appear to indeed be an IRC bot (which is what IrOffer is). You can load it up just in notepad and look for things you can read out of all the junk you'll see to get an idea.

> Don't know how that was loaded on my system if that's it. At least it's not malicious.

Well it is a bot, so malicious probably wasn't the right word. It's not showing viral or worm-like activity (so you shouldn't see it attacking other files or trying to spread off your system). BUT, if you look at the description of IrOffer from the site, it says "iroffer will connect to an irc server and let people request files from it". So, if it is indeed running it's possible that others can grab files from your system without your consent (unless you're running a personal firewall, which should warn you if this occurs).

Bill
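
The string inspection described in the post above, as an added example that is not part of the original thread: it pulls readable ASCII and UTF-16LE strings out of a binary and flags ones that look like IRC protocol commands, DCC transfers or URLs. The indicator patterns, function names and the sample bytes are assumptions constructed for illustration, not data from the file discussed here.

```python
import re

# Runs of 5+ printable ASCII bytes, the same idea as the Unix `strings` tool.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{5,}")
# The same for UTF-16LE text (each character followed by a NUL byte).
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){5,}")

# Assumed indicator patterns for this example: IRC protocol commands,
# DCC file-transfer requests, and embedded host names / URLs.
INDICATORS = {
    "irc_command": re.compile(r"\b(PRIVMSG|NICK|JOIN|PING|PONG|NOTICE)\b"),
    "dcc_transfer": re.compile(r"\bDCC (SEND|CHAT|RESUME)\b"),
    "url": re.compile(r"\b(?:https?://|www\.)[\w.-]+", re.I),
}


def extract_strings(data: bytes) -> list[str]:
    """Return readable strings in file order, ASCII and UTF-16LE alike."""
    found = [(m.start(), m.group().decode("ascii"))
             for m in ASCII_RUN.finditer(data)]
    found += [(m.start(), m.group().decode("utf-16-le"))
              for m in UTF16_RUN.finditer(data)]
    return [text for _, text in sorted(found)]


def triage(data: bytes) -> dict[str, list[str]]:
    """Group extracted strings by the indicator pattern they match."""
    hits = {name: [] for name in INDICATORS}
    for text in extract_strings(data):
        for name, pattern in INDICATORS.items():
            if pattern.search(text):
                hits[name].append(text)
    return hits


# Constructed sample: a fake header, non-printable filler, then format
# strings of the kind an IRC client would embed, plus a UTF-16LE host name.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00" + bytes(range(0, 32))
    + b"\x00NICK %s\x00\x01\x02PRIVMSG %s :\x01DCC SEND %s %lu %d %lu\x01\x00"
    + b"\xff\xfe\x80" + "www.example.invalid".encode("utf-16-le") + b"\x00\x00"
)

if __name__ == "__main__":
    for category, strings in triage(SAMPLE).items():
        print(category, strings)
```

To run it against a real file, pass `open(path, "rb").read()` to `triage` on a copy of the file that has been moved off the affected machine.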
 