msxml2r32.exe? what is this?

  • Thread starter Thread starter ...
  • Start date Start date
?

...

Guest
Every time I restart Vista Ult with latest updates, I notice my router's
lights blinking and I recently noticed this setting that keeps coming back
on my Persistent Port Forwarding options:
msxml2r32 Inbound Port 1757 on TCP

I delete this setting and restart the PC, and it's back.

I can't find this find anywhere on my PC. I've searched the net and only
found couple of Korean or Chinese sites that I don't understand, but they
mention Norton Antivirus, and a folder path to
C:\windows\system\msxml2r32.exe
I've looked on HKLM Run and HKCU Run settings in regedit, I've searched the
whole PC (indexed and non-indexed folders) and I am unable to find this
file.
Has anyone else come accross this?
Thanks
Gino
 
RE: msxml2r32.exe? what is this?

It is highly likely to be malware of some sort. Malware can configure your
router if it is configurable via UPNP, or if you have typed your password for
the router on the infected system.

I found one site that stated the file name has been found on a virus written
in either Japanese or Korean that randomly chose names. Symantec calls it
antinny. Here's the page:
http://www.symantec.com/security_response/writeup.jsp?docid=2003-080817-4045-99&tabid=3

Have you scanned this system with a virus scanner from neutral media?

---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/0470101555?ie=UTF8&tag=protectyourwi-20


"..." wrote:

> Every time I restart Vista Ult with latest updates, I notice my router's
> lights blinking and I recently noticed this setting that keeps coming back
> on my Persistent Port Forwarding options:
> msxml2r32 Inbound Port 1757 on TCP
>
> I delete this setting and restart the PC, and it's back.
>
> I can't find this find anywhere on my PC. I've searched the net and only
> found couple of Korean or Chinese sites that I don't understand, but they
> mention Norton Antivirus, and a folder path to
> C:\windows\system\msxml2r32.exe
> I've looked on HKLM Run and HKCU Run settings in regedit, I've searched the
> whole PC (indexed and non-indexed folders) and I am unable to find this
> file.
> Has anyone else come accross this?
> Thanks
> Gino
>
>
 
Back
Top