strange process

TheMSsForum.com: The Microsoft Software Forum

I've been seeing a process running called "navsse.exe" - it's stored in the
\system32 folder and is marked read-only. It shows up in the usual places in
the registry (run key, run services key, etc.).

It can be deleted from the registry and re-installs itself there prior to
being able to rename the file, which I was able to do by starting in safe
mode. File also seems to be network-aware. Tough file to get rid of, and
none of the anti-virus sites or google have anything on it.

Has anybody heard of this file, and better, how to kill it? Thanks very much.
Top

Re: strange process by Lanwench

Lanwench
Wed Dec 15 19:16:52 CST 2004

r wisz wrote:
> I've been seeing a process running called "navsse.exe" - it's stored
> in the \system32 folder and is marked read-only. It shows up in the
> usual places in the registry (run key, run services key, etc.).
>
> It can be deleted from the registry and re-installs itself there
> prior to being able to rename the file, which I was able to do by
> starting in safe mode. File also seems to be network-aware. Tough
> file to get rid of, and none of the anti-virus sites or google have
> anything on it.
>
> Has anybody heard of this file, and better, how to kill it? Thanks
> very much.

NAV__ sounds like Norton Antivirus. Do you run Norton?


Top

Re: strange process by rwisz

rwisz
Thu Dec 16 04:11:05 CST 2004

No, we don't run Norton (but I agree - NAV DOES sound like it could be a
Norton thing).

Thanks!



"Lanwench [MVP - Exchange]" wrote:

> r wisz wrote:
> > I've been seeing a process running called "navsse.exe" - it's stored
> > in the \system32 folder and is marked read-only. It shows up in the
> > usual places in the registry (run key, run services key, etc.).
> >
> > It can be deleted from the registry and re-installs itself there
> > prior to being able to rename the file, which I was able to do by
> > starting in safe mode. File also seems to be network-aware. Tough
> > file to get rid of, and none of the anti-virus sites or google have
> > anything on it.
> >
> > Has anybody heard of this file, and better, how to kill it? Thanks
> > very much.
>
> NAV__ sounds like Norton Antivirus. Do you run Norton?
>
>
>
Top

Re: strange process by Bob

Bob
Thu Dec 16 18:22:33 CST 2004

New worm variant ... W32/Forbot-CY
http://www.sophos.com/virusinfo/analyses/w32forbotcy.html

--
Bob McCoy

* This posting is provided "AS IS" with no warranties, and confers no
rights.
* Please note I cannot respond to email questions. Please use these
newsgroups.

"Lanwench [MVP - Exchange]"
<lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com> wrote in message
news:uWccx6w4EHA.1596@tk2msftngp13.phx.gbl...
>r wisz wrote:
>> I've been seeing a process running called "navsse.exe" - it's stored
>> in the \system32 folder and is marked read-only. It shows up in the
>> usual places in the registry (run key, run services key, etc.).
>>
>> It can be deleted from the registry and re-installs itself there
>> prior to being able to rename the file, which I was able to do by
>> starting in safe mode. File also seems to be network-aware. Tough
>> file to get rid of, and none of the anti-virus sites or google have
>> anything on it.
>>
>> Has anybody heard of this file, and better, how to kill it? Thanks
>> very much.
>
> NAV__ sounds like Norton Antivirus. Do you run Norton?
>
>


Top