Microsoft Register Server?

[fatphatboy88]

So a coworker used my personal laptop today and now I am getting the "User account control" pop up for Microsoft Register Server every 90 seconds. This coworker is notorious for clicking on anything and installing anything so I am wary of clicking Yes on this just in case it is a virus disguised as legit Microsoft stuff. Ran Spybot and CCleaner yet it is still popping up. Is it ok to click Yes on?

I am running Windows 8.1 Pro 64 bit with everything up to date.

 

[Snowknight26]

Depends on what the parameter after the "-s" is. It's most likely not a good thing, mind you.

 

[SuperSubZero]

It's clearly trying to access something in c:\users\kbranch\appdata\locallow\{5....

I'm suspecting it's something fishy.

 

[fatphatboy88]

I went to the folder that it is trying to access but the only thing that is in there is folders for Adobe, Brother, Microsoft, and Sun. I have my folder options set to show all hidden files yet I still cannot see what it is trying to access. I searched the full file name with no results.

 

[Snowknight26]

You have to show protected/system files, not just hidden.

Upload it to virustotal.com to see what it is.

 

[fatphatboy88]

I have it showing system files now and the only two things that were added to that folder are two more folders.

EmieSiteList
EmieUserList

They are both empty taking up a total of 0 bytes. Any other ideas?

 

[Snowknight26]

If you want to get your hands dirty you could use Process Explorer to figure out the parent process that's spawning regsvr32. That'll give you a clue as to why it's wanting to run continually.

 

[bigdogchris]

It's trying to silently register a DLL from a user App data folder.

It's likely malware.