Zone Alarm and winlogin.exe
From: Aaron Young (acyoung@nysernet.org)Date: 12/31/01
- Previous message: Dr. Arul Veda Manickam: "Configuration of OpenLDAP and Kerberos for SSO"
- Next in thread: mcoleman: "Re: Zone Alarm and winlogin.exe"
- Reply: mcoleman: "Re: Zone Alarm and winlogin.exe"
- Reply: Gianluca Manzo: "Re: Zone Alarm and winlogin.exe"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 31 Dec 2001 15:31:05 -0000 From: Aaron Young <acyoung@nysernet.org> To: focus-ms@securityfocus.com('binary' encoding is not supported, stored as-is)
Anyone seen this before? In the last month one of the
sites I manage had an intrusion that forced us to take
our server offline. After putting Zone Alarm on the
Win2K server to see if it caught anything roque trying
to access the Internet, I found the following alert:
Do you want to allow
\??\C:\WINNT\system32\winlogin.exe to access the
Internet?
Since the path to winlogin.exe began with an unknown
character (\??\) I found this to be suspicious.
A.
- Previous message: Dr. Arul Veda Manickam: "Configuration of OpenLDAP and Kerberos for SSO"
- Next in thread: mcoleman: "Re: Zone Alarm and winlogin.exe"
- Reply: mcoleman: "Re: Zone Alarm and winlogin.exe"
- Reply: Gianluca Manzo: "Re: Zone Alarm and winlogin.exe"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
