
I have just registered with the SUPERAntiSpyware forums, so I am new around here.

I want to discuss and seek advice re: regscan.exe. How do I gain access to the 'Spyware, Adware and Malware Diagnosis' forum?


Hi Paul and welcome to the SAS forums.

The malware forum is membership-locked owing to the information being exchanged (sources etc.). Its membership, I believe, is granted to folks that supply SAS with new sources of malware, or malware that SAS does not detect or clean, etc.

What is your problem with regscan.exe?

A quick upload to the VirusTotal service for malware checking will give you an integrity check on your version. Is your computer currently infected, and what, if anything, has SAS detected and removed, etc.?



OK - well, I will explain why I have ended up here in the first place.

I discovered that I had regscan.exe on my PC yesterday. I think it had only been in the system since Wednesday, as that was when ZoneAlarm started to alert me of its attempts to get internet access (but at the time I didn't recognise it as a trojan - but I did block it).

So I performed an online scan with McAfee, which discovered something called 'Generic Spy-e'. I then downloaded the 30-day trial version of McAfee, which said that I had something called 'Ilomo'. I assumed that these were all the same thing but with different names. AVG did not find anything.

So I researched as much as possible about how to remove regscan.exe, and it looked like I would have to manually remove it - deleting registry entries etc. - something that I didn't feel comfortable doing as I lack the expertise. But I found SUPERAntiSpyware and it detected regscan.exe immediately and removed it. Since then, I cannot find it in the system32 folder, nor is it now running in Task Manager. I have rescanned with both McAfee scans and they now do not detect anything.

This is great, you're probably thinking, but I just need some reassurance that it has gone, as SUPERAntiSpyware made the process a lot easier than any of the forums suggest.

I would appreciate your advice.


Hi P

It sounds like Regscan has been expunged :P

OK then, 2 paths to traverse for more info and part of the learning curve.

1st off, do you know what the infection (attack) vector was for this malware? For example, did you download new software/files onto your computer that might be considered the source? The arrival would have coincided in the same session as the outbound firewall alert or in the previous session.

In this, if we can identify how it got on, you can learn how not to allow that vector to be used again and thus protect your computer's security :wink:

Secondly, we can run some diagnostic tools just to see what is running on your computer at the moment, as to whether there is any more stuff lurking.

Download the following 2 tools.

** Do not use unless under direct instruction, since both tools are very powerful/dangerous in their capabilities (if misused) but are very effective diagnostic/recovery tools in the right hands :)



Please copy and paste the log generated to a reply post. Do not attempt any fixes unless instructed!

RootKit Unhooker

http://www.dslreports.com/r0/download/1 ... 50.400.zip

Please copy and paste the scan log generated (far right tab = Report); again, do not take any other action unless instructed.


Thank you for offering your help - It's very irritating having such problems - I have never had malware/virus problems before.

In the last week I have downloaded a lot of ebooks from a number of sources (websites, eBay) and this is what I was doing at around the time of the first alert. Most of them were ZIP files, but my guess is it has probably come through that.

Some of the ebooks I have since deleted, others I have kept, but I have scanned these with AVG, McAfee and SUPERAntiSpyware so I assume they are safe. I guess from now on I will make sure I scan every downloaded file with all three.

I am just following the advice at majorgeeks.com on how to prepare for a HijackThis log (i.e. running CCleaner, etc.) and then I will post them for your attention.

Thanks once again.


With regard to file downloads, anything under 15 MB in size can be uploaded to the VirusTotal service for malware checking.

If you run this form of integrity checking first, before opening/unzipping or running new files (.exe's), then you will get 29 second opinions on the integrity of the file(s). If it gets flagged by one of the databases then nuke it.

This is not foolproof (nothing is 100%) but will greatly elevate your chances of stopping bad code from installing :)
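
As an added example (not part of the original posts), the pre-open check described in this thread can be scripted: the sketch below hashes a download, checks it against the 15 MB limit quoted above, and lists a ZIP's contents without extracting anything, flagging members whose extension would run code. The extension list, function names and sample archive are assumptions made for illustration.

```python
import hashlib
import io
import zipfile

VT_UPLOAD_LIMIT = 15 * 1024 * 1024  # size limit quoted in the post above
# Assumed list of extensions that execute when opened on Windows.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}

def triage(name, data):
    """Inspect a downloaded file's bytes without opening or unzipping it."""
    report = {
        "name": name,
        "sha256": hashlib.sha256(data).hexdigest(),  # identifies this exact file
        "fits_upload_limit": len(data) < VT_UPLOAD_LIMIT,
        "risky_members": [],
    }
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            # infolist() reads the archive directory only; nothing is extracted.
            for info in zf.infolist():
                lower = info.filename.lower()
                if any(lower.endswith(ext) for ext in RISKY_EXT):
                    report["risky_members"].append(info.filename)
    return report

def make_sample_zip():
    """Constructed sample: an 'ebook' archive hiding a double-extension executable."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ebook/chapter1.pdf", b"%PDF-1.4 constructed sample")
        zf.writestr("ebook/readme.pdf.exe", b"MZ constructed sample, not a real program")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage("ebook.zip", make_sample_zip()))
```

An empty `risky_members` list does not mean the file is clean; it only means the archive holds nothing that runs directly when double-clicked, so the scanner checks discussed above still apply.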
