
Reset5.dll Reset5.exe

We got one PC that got hit with this. We are running McAfee 8.7 with EPO server. Def version was 5590 at the time.

This was in the event viewer:
Event Type: Warning
Event Source: McLogEvent
Event Category: None
Event ID: 258
Date: 2009/04/21
Time: 22:30:20
User: NT AUTHORITY\SYSTEM
Computer: TWTKY00005
Description:
The file C:\WINDOWS\system32\reset5.exe contains Generic.dx Trojan. The file was successfully deleted.

This was in the AV logs:
4/21/2009 10:30:19 PM Not scanned (scan timed out) NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\reset5.dll

4/21/2009 10:30:20 PM Deleted NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\reset5.dll Generic Downloader.x (Trojan)

4/21/2009 10:30:20 PM Deleted NT AUTHORITY\NETWORK SERVICE C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\reset5.exe Generic.dx (Trojan)

We also had an SMB session established to this computer from another in a remote office. I don't have access rights to that box so I can't scan it.

Has anyone ever come across this? Is this another false positive or should we take further action?

Moved to Corporate for better attention. MOD
2 Replies
tonyb99

RE: Reset5.dll Reset5.exe

There are valid files under XP of that name relating to XP product activation; on the other hand, it has also been flagged by various vendors as malware.

http://www.threatexpert.com/files/reset5.dll.html

Ideally you would send it to http://www.virustotal.org to check.

RE: Reset5.dll Reset5.exe

Looks like your user is trying to do something suspicious, but VirusScan has already detected and deleted the security risk.

http://support.microsoft.com/kb/312295

reset5.dll is a file used to circumvent the activation of Windows XP. Though this is an illegal file, it is manually installed by the users.

RESET5.DLL is a Winlogon Notify DLL used to continue the Windows XP trial period.