Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

WinRep.exe


  • Please log in to reply

#1
resination

resination

    New Member

  • Member
  • Pip
  • 1 posts
While trying to clean a computer today, I found what looks to be malware undiscovered by spybot, MS Anti-Spyware, Adaware, and AVG Free.

I cleaned assorted trojans off the computer, but one issue remained. Browsing the web, and certain other network activities didn't work. I could ping websites, but couldn't browse to them with either IE or a freshly installed Firefox. AVG/Spybot/etc update would fail due to no connection. Sometimes there was a delay between boot and when network connectivity dropped, but it was never more than a minute or two. I was able to update AVG/Spybot/etc during this time, though the connection dropped out in the middle of an update download multiple times.

Event Viewer showed a tcpip error Event ID: 4226. MS knowledge base didn't say anything about this error. The text was " TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts."

I found the source of this error. Through msconfig, I found a service called "WinRep." I found it after hiding all MS services. This service did not show up in Task Manager. I disabled the service, rebooted and all network functionality returned. I re-enabled it, and the error returned.

I searched MS's knowledge base for winrep.exe. It's the filename of a win98 program used to report hardware information. Figuring WinRep.exe I found was some sort of malware, I did a google for "winrep spyware" which brought me here. I saw hijack this logs that showed WinRep.exe, but it was present in apparantly clean logs.

The date on the file was 6-14-05, so perhaps this is a new piece of malware? If this isn't new, can someone point me to some more information?

Thanks.
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP