Question:
Trojan horse problem?
TITANIC_23_98
2007-06-20 21:49:48 UTC
My parent's office computer has been infected with a trojan horse virus and the infected filename is "regscan.exe".

After searching a while on the internet I suspected that it is a Porter Backdoor variant. I have since restarted the system in safe mode and quarantined the file, but the cleaning failed.

I am not sure what to do next.

The system is WinNT/2000 and the trojan is detected by Symantec Anti-Virus Corporate version.
Six answers:
anonymous
2007-06-21 08:22:39 UTC
A computer virus is a small program that infects a computer without the user's permission. It attaches itself to other files and quickly multiplies.

It is strongly recommended that you use an antivirus program on your computer and that you keep it updated. This will prevent any infection and clean your computer if it was infected previous to the install.

You are infected with a virus if:

* Your computer is very slow, stops responding, restarts or shuts down by itself from time to time.
* Your hard disk or the removable drives (floppy drive, CD-ROM, USB flash) are inaccessible or the files are corrupt.
* Unusual error messages appear.

In case your computer got infected, try the following:

* Get an antivirus program (if you don't have one already). See the Download antivirus page to get a free one.
* Update your antivirus.
* Scan all your computer and delete, repair or quarantine the infected files.

If you have problems in eliminating viruses from your computer, you can also try one of the free tools available on the Other download page.

To keep your computer virus free:

* Have an antivirus program and update it from time to time (some even update automatically).
* Use a firewall. Download one from the Download firewall page.
* Only download files from sources you trust.
* Don't open e-mail attachments unless you know who sent them.
* For more protection you can scan your computer with online scanners provided free by some of the best companies. See the Online scanners page.
* Spyware may sometimes be mistaken for a virus. Read about spyware.
Wallace
2016-08-26 14:50:43 UTC
2
anonymous
2016-05-21 10:17:02 UTC
These messages are very simple tricks; I have encountered one before. The best, and free, anti-virus systems to use are either AVG or Avast! antivirus. These will offer to do a scan upon installation, and you may be asked to restart to start the scan going. The software will then prompt you for what you would like to do with the virus once found, and the best way, as it is a file that has been downloaded and is not needed, is to delete it permanently. Also don't forget to keep the adware out, to speed up your PC, using SpyBot Search and Destroy. Just type these names into Google to get a link on where to download. Also you will have to uninstall MSN Messenger or WLM to remove the virus, as it was likely to integrate with the program. This will stop the same message you saw being sent on to others without you realising.
anonymous
2007-06-20 22:09:22 UTC
Results from http://www.Microsft.com

Search Results

Sorry, we couldn't find any pages containing regscan.exe (NoT a part of Windows, so NOT a same-name threat)



RESULTS FROM SYMANTEC: (Didn't you go right here immediately? Why not?):



(If this doesn't work, dump Symantec products like everyone else does):

Backdoor.Talex

http://www.symantec.com/security_response/writeup.jsp?docid=2003-012114-0753-99&tabid=3

When Backdoor.Talex is executed, it does the following:

1. Copies itself as %Windir%\Regscan.exe. .....

REMOVAL:

Discovered: January 21, 2003

Updated: February 13, 2007 11:57:23 AM

Also Known As: Backdoor.Talex.287 [KAV], Backdoor-ZE [Mcafee]

Type: Trojan Horse

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP



Update the virus definitions.

1. Run a full system scan and delete all the files detected as Backdoor.Talex.

2. Delete the value:

RegScan %Windir%\Regscan.exe

from the registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

3. Remove the text that was added to the Win.ini file (Windows 95/98/Me only).

For specific details on each of these procedures, read the following instructions.

1. Updating the virus definitions

Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:

* Running LiveUpdate, which is the easiest way to obtain the virus definitions. These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate), in the "Protection" section, at the top of this writeup.

* Downloading the definitions using the Intelligent Updater. The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater), in the "Protection" section, at the top of this writeup.

The Intelligent Updater virus definitions are available here. For detailed instructions on how to download and install the Intelligent Updater virus definitions from the Symantec Security Response Web site, click here.

2. Scanning for and deleting the infected files

1. Start your Symantec antivirus program and make sure that it is configured to scan all the files.

* For Norton AntiVirus consumer products: Read the document, "How to configure Norton AntiVirus to scan all files."

* For Symantec AntiVirus Enterprise products: Read the document, "How to verify that a Symantec Corporate antivirus product is set to scan All Files."

2. Run a full system scan.

3. If any files are detected as infected with Backdoor.Talex, click Delete.

3. Deleting the value from the registry

CAUTION: Symantec strongly recommends that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

1. Click Start, and then click Run. (The Run dialog box appears.)

2. Type regedit, and then click OK. (The Registry Editor opens.)

3. Navigate to the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

4. In the right pane, delete the value:

RegScan %Windir%\Regscan.exe

5. Exit the Registry Editor.

4. Removing the text that was added to the Win.ini file

This step is required only if you are using Windows 95/98/Me.

Windows Me users only: Due to the file-protection process in Windows Me, a backup copy of Win.ini exists in the C:\Windows\Recent folder. Symantec recommends that you delete this file before you continue with the steps in this section. To do this using Windows Explorer, go to C:\Windows\Recent, and in the right pane select the Win.ini file and delete it. The Win.ini file will be recreated in C:\Windows\Recent when you save your changes to Win.ini in C:\Windows.

1. Click Start, and then click Run.

2. Type the following:

edit c:\windows\win.ini

and then click OK.

(The MS-DOS Editor opens.)

NOTE: If Windows is installed in a different location, make the appropriate path substitution.

3. In the [windows] section of the file, look for an entry similar to:

run=%Windir%\regscan.exe

4. If this line exists, select its entirety. Be sure that you do not select any other text, and then press Delete.

5. Click File, and then click Save.

6. Click File, and then click Exit.

Writeup By: Kaoru Hayashi

Technical Details



MORE - - - - >



Software Search Results

http://research.sunbelt-software.com/WhatYouShouldKnow.aspx

- You searched for: regscan.exe

Found: 4

Rbot

Trojan-Downloader.KDB

Trojan-Downloader.Win32.Agent.azr

Trojan-Spy.Agent.PO





Trojan.W32.Rbot

http://www.processlibrary.com/directory?files=regscan.exe

regscan.exe is added by Trojan.W32.Rbot. It is a worm which attempts to spread via network shares. It also contains backdoor Trojan capabilities allowing unauthorised remote access to the infected computer. If found on your system make sure that you have downloaded the latest update for your antivirus application. This process is a security risk and should be removed from your system.





Trojan.REGSCAN.Process

http://www.fileresearchcenter.com/search.html?searchitem=regscan.exe&search=Search...

Trojan.REGSCAN.Process poses as a Microsoft Registry scanner and exists in the Windows System folder.

Category : TROJAN





regscan.exe

http://www.auditmypc.com/process/regscan.asp

regscan.exe, known as talex trojan regscan, has the following information and may help us understand this process better.
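The Symantec writeup quoted above has the reader check and delete the two Talex persistence points by hand, in regedit and the MS-DOS editor. The script below is an added example, not code from this answer, from Symantec's writeup or from the Y! Answers thread: it checks both points (the RegScan value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and a run= line in the [windows] section of win.ini), reports what it finds, and only removes them when run with -Remove (honouring -WhatIf). The key path, value name and the regscan.exe indicator come from the writeup; the function names, the -Remove switch, the .bak backup and the assumption of a Windows host with PowerShell run from an elevated prompt are mine.

```powershell
<#
  Added example, not code from the Y! Answers answer or Symantec's writeup.
  Checks the two persistence points the Backdoor.Talex writeup names and
  removes them only when -Remove is given (supports -WhatIf / -Confirm).
  Assumption: a Windows host with PowerShell, run from an elevated prompt.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove,                                         # report only unless set
    [string]$WinIniPath = (Join-Path $env:windir 'win.ini')  # default install path (assumption)
)

$RunKey    = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'   # key from the writeup
$ValueName = 'RegScan'                                               # value name from the writeup
$Indicator = 'regscan.exe'                                           # file the value / run= line points at

function Test-TalexRunValue {
    # Returns the Run-key value data when the RegScan value exists and references
    # regscan.exe; returns $null otherwise (a missing value is not an error here).
    $item = Get-ItemProperty -Path $RunKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    $data = [string]$item.$ValueName
    if ($data -match [regex]::Escape($Indicator)) { return $data }
    return $null
}

function Get-TalexWinIniLines {
    # Returns the run= lines in the [windows] section of win.ini that reference
    # regscan.exe. Tracks the current section so a run= line elsewhere is ignored.
    if (-not (Test-Path -Path $WinIniPath)) { return @() }
    $section = ''
    $hits = @()
    foreach ($line in Get-Content -Path $WinIniPath) {
        if ($line -match '^\s*\[(.+)\]\s*$') { $section = $Matches[1]; continue }
        if ($section -eq 'windows' -and
            $line -match '^\s*run\s*=' -and
            $line -match [regex]::Escape($Indicator)) {
            $hits += $line
        }
    }
    return $hits
}

$runData  = Test-TalexRunValue
$iniLines = @(Get-TalexWinIniLines)

if ($runData) {
    Write-Output "Run key value '$ValueName' present: $runData"
    if ($Remove -and $PSCmdlet.ShouldProcess("$RunKey\$ValueName", 'Remove registry value')) {
        Remove-ItemProperty -Path $RunKey -Name $ValueName
    }
} else {
    Write-Output "Run key value '$ValueName' not found."
}

if ($iniLines.Count -gt 0) {
    Write-Output "win.ini run= line(s) referencing ${Indicator}:"
    $iniLines | ForEach-Object { Write-Output "  $_" }
    if ($Remove -and $PSCmdlet.ShouldProcess($WinIniPath, 'Drop the run= line(s)')) {
        # Keep a backup first, in the spirit of the writeup's registry-backup caution.
        Copy-Item -Path $WinIniPath -Destination "$WinIniPath.bak" -Force
        $kept = Get-Content -Path $WinIniPath | Where-Object { $iniLines -notcontains $_ }
        Set-Content -Path $WinIniPath -Value $kept
    }
} else {
    Write-Output "No win.ini run= line referencing $Indicator found."
}
```

Save it as a .ps1 and run it plain to report, with -Remove -WhatIf to preview, and with -Remove to act. It only deals with the two persistence entries; the executable itself is still step 1 of the writeup, a full scan with current definitions, and a second run of the script after the scan confirms nothing re-created the entries. On a Windows NT/2000 machine like the asker's there is no PowerShell, so the same two checks have to be done in regedit and the editor as the writeup describes.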
anonymous
2007-06-20 21:55:08 UTC
Go to Microsoft site and download software called stinger that will take care of it.
anonymous
2007-06-20 21:56:48 UTC
regscan.exe file information

http://www.file.net/process/regscan.exe.html



regscan.exe - regscan - Process Information

Process File: regscan.exe or regscan

Process Name: Trojan.W32.Rbot

Description:

regscan.exe is added by Trojan.W32.Rbot. It is a worm which attempts to spread via network shares. It also contains backdoor Trojan capabilities allowing unauthorised remote access to the infected computer. If found on your system make sure that you have downloaded the latest update for your antivirus application. This process is a security risk and should be removed from your system.



Recommendation for regscan.exe:

DISABLE AND REMOVE regscan.exe IMMEDIATELY.



Try an online antivirus scanner and an online anti-adware/malware/spyware scanner in safe mode with networking to clean up your computer BEFORE you download anything.



To get into safe mode, tap F8 when booting your computer.

Choose "Safe mode with network".

Go to Start – Run - type iexplore http://www.bitdefender.com/scan8/ie.html Enter(ok).

Do a full system scan. If something is found, delete it, reboot and do the same again in safe mode with network.

When that scan does not find anything you reboot again in safe mode with network.

Go to Start – Run – type iexplore http://www.ewido.net/en/ Enter(ok).

Do a full scan. If you find something, delete it, reboot and do the same again in safe mode with network.



**NOTE: Do NOT do anything else with your computer when scanning. This is because you can start the virus/adware/spyware/malware manually.



When none of these scanners shows anything, you can reboot back to normal mode.

------------------

You need to get one antivirus program, one firewall and some spyware/adware/malware removers if you don't have it.

I use Norton Internet Security on my desktop running XP Home SP2.

On my laptop I have Ubuntu 7.04. No security needed in Linux, but I have antivirus and firewall.



Here are some free programs.

BitDefender Anti-Virus Free.

http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html

Avast Anti-Virus Free.

http://www.avast.com/eng/avast_4_home.html

AVG Anti-Virus Free.

http://free.grisoft.com/doc/2/lng/us/tpl/v5

Avast Virus Cleaner - free virus removal tool.

http://www.avast.com/eng/avast-virus-cleaner.html



Firewall Protection.

ZoneAlarm Firewall Free.

http://www.zonealarm.com/store/content/catalog/products/sku_list_za.jsp?dc=34std&ctry=&lang=nb&lid=trial_zaFamily

Easy-to-use firewall blocks hackers and other unknown threats.

* Systematically identifies hackers and blocks access attempts.

Automatically makes your computer invisible to anyone on the Internet.

Use ZoneAlarm if you normally use Windows Firewall.

Disable Windows Firewall after downloading ZoneAlarm if it's not done automatically.



Ad-Aware 2007 Free.

http://www.lavasoftusa.com/products/ad_aware_free.php

Ad-Aware 2007 Free remains the most popular anti-spyware product for computer users around the world, with nearly one million downloads every week. Our free anti-spyware version provides you with advanced protection against spyware that secretly attaches and takes control of your computer, resulting in aggressive advertising pop-ups, sluggish computer activity, even identity theft through stolen bank details, passwords, and credit card account numbers. If you want real-time scanning capabilities, consider upgrading to Ad-Aware 2007 Plus for real-time protection against spyware, all the time.



SUPERAntiSpyware Free.

http://www.superantispyware.com/



AVG Anti-spyware Free.

http://free.grisoft.com/doc/20/lng/us/tpl/v5



Spybot-S&D Free.

http://www.safer-networking.org/en/mirrors/index.html

Spybot - Search & Destroy detects and removes spyware, a relatively new kind of threat not yet covered by common anti-virus applications. spyware silently tracks your surfing behaviour to create a marketing profile for you that is transmitted without your knowledge to the compilers and sold to advertising companies. If you see new toolbars in your Internet Explorer that you haven't intentionally installed, if your browser crashes inexplicably, or if your home page has been "hijacked" (or changed without your knowledge), your computer is most probably infected with spyware. Even if you don't see the symptoms, your computer may be infected, because more and more spyware is emerging. Spybot-S&D is free, so there's no harm giving it a try to see if something has invaded your computer.



AVG Anti-Rootkit Free.

http://free.grisoft.com/doc/39798/lng/us/tpl/v5

AVG Anti-Rootkit is a powerful tool with state-of-the-art technology for detection and removal of rootkits. rootkits are used to hide the presence of a malicious object like Trojans or keyloggers on your computer. If a threat uses rootkit technology to hide itself it is very hard to find the malware on your PC. AVG Anti-Rootkit gives you the power to find and delete the rootkit and to uncover the threat the rootkit is hiding.



CCleaner free.

CCleaner is a freeware system optimization and privacy tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. But the best part is that it's fast and contains NO spyware or adware.

http://www.ccleaner.com/



ClearAllHistory - clears browser history, cache, cookies, clipboard and remove other computer activity tracks.

http://www.clearallhistory.com/delete-passwords.html



*NOTE: Only have one antivirus program and one firewall installed on your computer.

Anti-adware/malware/spyware are ok to have more of.



Also scan with online scanners sometimes.

http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&plfid=00&pkj=VOONYHGBYNCJEIMXQKC&bhcp=1

http://www.bitdefender.com/scan8/ie.html

http://www.ewido.net/en/onlinescan/

http://www.kaspersky.com/virusscanner

http://support.f-secure.com/enu/home/ols.shtml



Hope this was helpful.

Good luck.

JTB - Security adviser from Norway.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.