Posted by David G on June 06, 2009 at 13:54:32:
In Reply to: Re: Non DOS question - What is rncsys32? posted by SpywareDr on June 04, 2009 at 16:16:42:
Thank you for your informative reply. After I posted my question here, I continued to search the internet for information about the rncsys32.exe startup program. The only mention of it on the web was at a few Russian and Polish forums. (However, by today it starting to be mentioned on malware forums in this country.)
I did several scans of my computer to see if any of them reported anything about it. The Windows malicious software detection tool didn't pick it up. Spybot didn't pick it up. But the Kaspersky online scanner did. It reported it to be related to the Trojan.Win32.Pakes.nlx backdoor that has been around for a few years. In other words, the Pakes trojan may have mutated and now be dropping the newly named rncsys32 file into such places as %Programs%\Startup\rncsys32.exe, \windows\pss, or somewhere in personal Documents and Settings folders.
I will post this information on the forum you mentioned to see if anybody else is now being infected with it. In the meantime, I would suggest that you all do periodic searches of your computers for rncsys32.
Hope that helps.
: : This may be off the usual subject for this forum, but rncsys32.exe keeps showing up in my startup list. If I search for information about it on Google, nothing shows up (and that's unusual). Anybody know what it is?
: ##
: Recommendation
: Step 1: Follow all of the instructions on the following page first:
: http://discussions.virtualdr.com/showthread.php?t=167915
: Step 2: Post your HijackThis log file for analysis in the following forum:
: http://discussions.virtualdr.com/forumdisplay.php?f=71