Re: Flush.exe & Flushserv.exe
From: H C (firstname.lastname@example.org)
- In reply to: Jeremy Broadway: "Flush.exe & Flushserv.exe"
Date: Wed, 31 Jul 2002 12:54:10 -0700 (PDT)
From: H C <email@example.com>
To: Jeremy Broadway <firstname.lastname@example.org>, email@example.com
If these files are still running on the system, here's
what I would suggest...
Get a complete view of the running processes by using
the following commands:
'netstat -a' (native)
Run these commands and redirect the output of each to
a file. Then go to
http://patriot.net/~carvdawg/perl.html and get either
the procdmp.pl Perl script, or the pd.exe executable
(Perl script w/ a GUI compiled into a standalone EXE)
in the archive pd.zip. Either one of these two will
parse through the above 5 files you've created, and
produce an output file similar to:
This is a little easier to read, and may help you
determine something more about these files. Given the
previous thread you mentioned, perhaps running
find.exe on your IIS log files, looking for either
file, would give you something to work with.
HTH...if you have any questions, drop me a line.
--- Jeremy Broadway <firstname.lastname@example.org> wrote:
> These files were discussed approximately one year
> ago, but the thread is
> lacking a lot of information; I was hoping some of
> you guys have some
> more information on these files. The previous
> thread is located here:
> Searching for the
> file names on Google turns up no information either.
> I found these on
> my Exchange 2000 box when I was preparing to upgrade
> to Exchange 2k SP3.
> Flushserv.exe was running as a service and I am not
> sure what it was
> doing. I'm not sure how it got on there either. It
> says the company
> name is American Megatrends Inc in the description
> of the file (however
> I am not running any of their hardware/software that
> I know of), the
> icon of it though looks like it was crudely drawn in
> MS Paint, and the
> flush.exe icon is a standard MFC icon. I almost
> always patch the server
> within 2-3 days of a patch being released and Norton
> Antivirus CE 7.6
> does not detect it as a known virus. A few other
> people have access to
> that box and I will be talking with them today to
> see if they installed
> or changed anything recently.
> Software running on the server includes:
> Windows 2000 Server SP2 + all patches up to now
> IIS 5.0 + all patches and lockdown utilities.
> Arc Serve 2000
> Exchange 2k SP3
> Norton Antivirus CE 7.6 + related tools like the SSC
> console, AMS and
> Intel pds services.
> APC Powerchute Server
> HP Netraid Utility.
> Terminal Services (admin mode)
> Thanks for your help in advance!
> Jeremy Broadway
> Systems Administrator
> Office: 734-425-7977 x115
> Cell: 734-216-9359
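The IIS log search suggested in the reply above, as an added example that is not part of the original message and is not the author's procdmp.pl: it reads logs in W3C extended format (assumed here), follows `#Fields:` changes within a file, and matches either file name regardless of case or %xx escaping. The sample log lines are constructed, and `find_hits` and `NAMES` are names chosen for this example.

```python
"""Search IIS W3C extended logs for requests that mention given file names."""
from urllib.parse import unquote

NAMES = ("flush.exe", "flushserv.exe")  # the two file names from the thread

# Constructed sample log (not real data); addresses are documentation ranges.
SAMPLE = """\
#Software: Microsoft Internet Information Services 5.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2002-07-20 03:11:02 192.0.2.10 GET /default.htm - 200
2002-07-20 03:11:09 192.0.2.44 GET /example/FlushServ.exe - 200
#Fields: time c-ip cs-method cs-uri-stem cs-uri-query sc-status
03:15:40 192.0.2.44 GET /example/page.asp file=fl%75sh.exe 404
03:16:00 192.0.2.10 GET /flushing.html - 200
"""

def find_hits(lines, names=NAMES):
    """Return one dict per log entry whose URI stem or query names a file."""
    fields, hits = [], []
    for lineno, line in enumerate(lines, 1):
        line = line.strip()
        if line.startswith("#Fields:"):
            # The field list can change mid-file, so re-read it every time.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        entry = dict(zip(fields, line.split()))
        # Decode %xx escapes and lower-case so escaped variants still match.
        uri = unquote(entry.get("cs-uri-stem", "") + "?" +
                      entry.get("cs-uri-query", "")).lower()
        matched = [n for n in names if n in uri]
        if matched:
            hits.append({"line": lineno, "client": entry.get("c-ip"),
                         "status": entry.get("sc-status"), "names": matched})
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE.splitlines()):
        print(hit)
```

To run it over real logs, pass an open log file to `find_hits` in place of the sample lines.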