Re: Dig in: autorooter, maybe that IRC one but SAV doesnt pick it up.
From: Christine Kronberg (Christine_Kronberg_at_genua.de)
Date: 08/06/03
- Previous message: Lee Seidman: "Backdoor.Trojan and payload.dat"
- In reply to: Drew Weaver: "Dig in: autorooter, maybe that IRC one but SAV doesnt pick it up."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 6 Aug 2003 18:06:55 +0200 (CEST) To: Drew Weaver <drew@orbityl.com>
On Tue, 5 Aug 2003, Drew Weaver wrote:
> Dig in.
>
> http://www.soul-fu.com/drew.zip
>
> I found this on a Windows 2k SP4 machine without (without) the two most
> recent and critically nessicary patches.
Nav finds a worm called W32/Lolol.worm.gen in juh.exe and dcomx.exe.
It fits to what I saw when let the files run within a vmware.
I'm not sure about the files in the cba directory. According to what
I found with google there seems to be a link to NAV CE (at least to
some antivirus software). Are you sure that they have not been there
earlier?
(I'm not a windows expert: what are *.lrc files? )
Cheers,
Chris.
-- GeNUA mbH --------------------------------------------------------------------------- ----------------------------------------------------------------------------
- Previous message: Lee Seidman: "Backdoor.Trojan and payload.dat"
- In reply to: Drew Weaver: "Dig in: autorooter, maybe that IRC one but SAV doesnt pick it up."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
