scrsvr.exe

[mawil]

Anyone know what this is? ZoneAlarm pops up asking if I want to let this file access the network.

It's a 28k file in the Windows directory with no modified date.

Didn't find anything with a google search.

[IMM]

I'd guess it's a trojan but don't recognize the filename. Do you have TDS-3 ?

[AnnMarie]

Hi mawil - Housecall picks up most trojans. You can run a free online scan here

[mawil]

No TDS-3. I've tried housecall before, a long time ago. It didn't want to work on my system.

I also did a restore of a backed up drive image and it got rid of it for a little while. Then it came back last nite.

My cable access has been down over the weekend and I'm connecting using free Juno right now. Soon as the cable is back up, I'll give Housecall another try.

[Tufenuf]

mawil, You could also go to the link below and download "The Cleaner" which has a Free 30 day Trial Period and is excellent at detecting & removing any Trojans your computer may have picked up.

http://www.moosoft.com/thecleaner/

HTH
Tufenuf

[mawil]

Tufenuf, I've scanned with eTrust AV, The Cleaner and Tauscan.

Nothing shows up.

[Tufenuf]

mawil, I found a few references to that file here.

http://groups.google.com/groups?as_q...59-1&lr=&hl=en


You may want to try renaming the file to scrsvr.exe.old and see if it causes any problems. It's worth a try.

Tufenuf

[Buffalo]

Mawil,
If you do decide to try HouseCall anyways, make sure you have all your other anti-virus, etc shut down. In fact, have everything else shut down except what you need to connect.

Have you run AdAware?

[IMM]

It's interesting that most of those references that Tufenuf found are the last couple of days. Can you look through any logs and see what type of request it was. Can you zip the file and email it to me? There's been an interesting rise in udp port 137 stuff over the last couple of days.

[Tufenuf]

mawil, Below is how someone else corrected the scrsvr.exe file problem.


Well, I answered my own questions!!! Am I a computer detective or WHAT......I tried to delete that scrsvr.exe file and it wouldn't let me@%^#@?"}, so I rebooted to DOS and deleted it there..........that HD noise was beginning to drive me crazy, and so I reboot and guess what.......no more noise! whaddarelief.

Sue
She also edited the win.ini file as shown below.

I just had the W32 Hai worm and it was renamed but it keeps causing a notice on bootup that there's a file (caused by the worm)that can't be found; I find a line in the win.ini in sysedit that says run=thefilename.exe,c:/windows/scrsvr.exe

She followed the editing instructions at this link.

http://securityresponse.symantec.com....hllw.hai.html




Tufenuf

[clouiseize]

I aggree with Tuf follow what he says, most trojan accsess files are about that size, and when you rid yourself of that file an error will come up saying the file is missing anyways, so go into windows sys.ini or win.ini and search for any entries with the file name you provided and delete just the name from you dir. had about 4 differnt trojans so i have had some experience ridding myself of them, and just a tip: never download file about that size unless you reall know what it is!!!

[mawil]

Well, I didn't download it. Just don't know where it came from. I did go into dos this morning and deleted it. Just got off work and am going to edit win.ini, etc. now.

I wonder why it came back after doing the drive image restore? That is what is scary.

[mawil]

IMM, as I said, I deleted the file this A.M., but if it comes back again, I'll certainly send it to you.

I just edited my win.ini file and no more messages at startup.

I did find another reference to it in my windows\applog file, scrsvr.lgc.

Got rid of it too.

[Prophet]

I think it's a spy file attached to a program you downloaded.

[Prophet]

CHeck this out anyway:

http://securityresponse.symantec.com/avcenter/venc/data/w32.opaserv.worm.html