msxml2r32.exe? what is this?

09-07-2007

Every time I restart Vista Ult with latest updates, I notice my router's
lights blinking and I recently noticed this setting that keeps coming back
on my Persistent Port Forwarding options:
msxml2r32 Inbound Port 1757 on TCP

I delete this setting and restart the PC, and it's back.

I can't find this find anywhere on my PC. I've searched the net and only
found couple of Korean or Chinese sites that I don't understand, but they
mention Norton Antivirus, and a folder path to
C:\windows\system\msxml2r32.exe
I've looked on HKLM Run and HKCU Run settings in regedit, I've searched the
whole PC (indexed and non-indexed folders) and I am unable to find this
file.
Has anyone else come accross this?
Thanks
Gino

09-08-2007

It is highly likely to be malware of some sort. Malware can configure your
router if it is configurable via UPNP, or if you have typed your password for
the router on the infected system.

I found one site that stated the file name has been found on a virus written
in either Japanese or Korean that randomly chose names. Symantec calls it
antinny. Here's the page:
http://www.symantec.com/security_res...045-99&tabid=3

Have you scanned this system with a virus scanner from neutral media?

---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20

"..." wrote:

	Quote:
	> Every time I restart Vista Ult with latest updates, I notice my router's > lights blinking and I recently noticed this setting that keeps coming back > on my Persistent Port Forwarding options: > msxml2r32 Inbound Port 1757 on TCP > > I delete this setting and restart the PC, and it's back. > > I can't find this find anywhere on my PC. I've searched the net and only > found couple of Korean or Chinese sites that I don't understand, but they > mention Norton Antivirus, and a folder path to > C:\windows\system\msxml2r32.exe > I've looked on HKLM Run and HKCU Run settings in regedit, I've searched the > whole PC (indexed and non-indexed folders) and I am unable to find this > file. > Has anyone else come accross this? > Thanks > Gino > >

09-07-2007	#1 (permalink)
... Guest	msxml2r32.exe? what is this? Every time I restart Vista Ult with latest updates, I notice my router's lights blinking and I recently noticed this setting that keeps coming back on my Persistent Port Forwarding options: msxml2r32 Inbound Port 1757 on TCP I delete this setting and restart the PC, and it's back. I can't find this find anywhere on my PC. I've searched the net and only found couple of Korean or Chinese sites that I don't understand, but they mention Norton Antivirus, and a folder path to C:\windows\system\msxml2r32.exe I've looked on HKLM Run and HKCU Run settings in regedit, I've searched the whole PC (indexed and non-indexed folders) and I am unable to find this file. Has anyone else come accross this? Thanks Gino

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
msxml2r32.exe? what is this?	...	Vista General	1	09-08-2007 07:32 PM
msxml2r32.exe? what is this?	...	Vista networking & sharing	1	09-08-2007 07:32 PM