Possible Variant of IERK8234.SYS
From: Greg Chatten - St. Louis Internet (gchatten@ST-LOUIS.NET)
Date: 03/01/03
Date: Sat, 1 Mar 2003 11:48:42 -0600
From: "Greg Chatten - St. Louis Internet" <gchatten@ST-LOUIS.NET>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

At exactly 16:00Z 3/1/03 a server which was previously infected with the
IERK8234.SYS driver, which caused blue-screen crashes, blue-screened again
specifying a driver name of "P2.SYS". This is on a fully-patched W2K
Advanced Service box which is also running Norton Corporate. No prior
detection was made.
Previously we had removed the IERK issue from a customer's colo server
following all the steps outlined in a previous NTBUGTRAQ advisory, and all
has been running well since then.
I cannot find a descriptive reference to "P2.SYS" anywhere. We located the
file in SAFE MODE under: root\winnt\system32\drivers
and removed it. So far the box has been running fine since.
While no evidence suggests the two are linked, the result (blue-screen) is
certainly in common.
Regards - Greg
G. Chatten
St. Louis Internet, Inc.
http://www.st-louis.net
636-458-2866
Fax: 314-215-4162