Is it malware or a failing CMOS battery

[chakraps]

The system dual boots Win XP SP3 and Linux Mint. When I logged into XP today, I noticed the system time had automatically reset to Jan 1, 2008. Ran avira scan for rootkits and active malware. The only abnormal entry in the report was:

c:\windows\system32\tlntsvr.exe

  [NOTE]      The registry entry is invisible.

There were some warnings on the Net about tlntsvr.exe being telnet server process that might pose security risk. I don't know how the process got turned on.

The bios system time had also reset back to Jan 1, 2008. I recall that my motherboard was purchased around Jan 2008. Later I tried to login to the Linux partition and it wanted to do a disk check and complained about possible disk errors. After running through the check I was able to login to the Linux desktop and verify that it was also showing the old date and time only.

I did a quick search on-line for the issue, and found suggestions that a dying CMOS battery may also exhibit similar characteristics. I felt a tiny bit relieved that it may be a battery issue after all. The original battery has been running unchanged for about 3 years now. While I'm getting a new battery, I wanted to share this with our forum and see what you guys think.

Should tlntsvr.exe be a concern? I'm pretty cautious about keeping the system secure, keeping it patched and stick to user accounts for regular use. I had set it up with all the preventive tips for windows that were stickied on this security forum some time earlier.

Thanks.

 

[seepy83]

You're almost definitely on the right track by replacing the CMOS battery. I'd be shocked if that doesn't fix your problem.

As for the telnet service being turned on - I would disable it via services.msc if you're not using it. No reason to have a telnet server listening for connections if you don't use it.