Strange services.exe file

From: Dano (dan_at_thejamzone.com)
Date: 12/08/03

    Date: Mon, 8 Dec 2003 14:40:10 -0800 (PST)
    To: incidents@securityfocus.com
    
    

    Hello, I came across a strange services.exe file in WinXP and don't know
    how it got there. This services.exe landed in the root
    c:\windows\services.exe with a hidden attrib flag set. There was also a
    registry key set at HKLM/software/microsoft/windows/currentversion/run
    with the value "services C:\WINDOWS\services.exe -i". What it appeared to
    do was send data back to hosts dhcp-ve3-101.cable.amis.net
    (212.18.53.101) and um-sd04-907.uni-mb.si (164.8.15.109). I'm still in
    progress of dissecting this to find out what exactly it does. Does anyone
    know anything about this?
     
    Thanks
    Dan
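
The indicator described in the message above (a Run value launching a file named like a Windows system process from a directory where that process does not normally live) can be checked mechanically. The following is an added example, not part of the original post: it works on Run-key values already exported into a dict, assumes the system root is `C:\Windows`, and uses an illustrative, non-exhaustive table of expected directories; all sample entries other than the one quoted in the post are constructed.

```python
import ntpath
import re

SYSTEM_ROOT = r"c:\windows"  # assumption: default system root
SYSTEM32 = SYSTEM_ROOT + r"\system32"

# Illustrative table: process image name -> directories it normally runs from.
EXPECTED_DIRS = {
    "services.exe": {SYSTEM32},
    "lsass.exe": {SYSTEM32},
    "csrss.exe": {SYSTEM32},
    "winlogon.exe": {SYSTEM32},
    "svchost.exe": {SYSTEM32, SYSTEM_ROOT + r"\syswow64"},
    "explorer.exe": {SYSTEM_ROOT},
}

# Quoted path, or an unquoted path ending at the first ".exe" followed by space/end.
_IMAGE = re.compile(r'^\s*(?:"([^"]+)"|(.+?\.exe))(?=\s|$)', re.IGNORECASE)

def image_path(command):
    """Return the normalised, lower-cased executable path of a Run value, or None."""
    m = _IMAGE.match(command)
    if not m:
        return None
    path = m.group(1) or m.group(2)
    for var in ("%systemroot%", "%windir%"):
        path = re.sub(re.escape(var), lambda _: SYSTEM_ROOT, path, flags=re.IGNORECASE)
    return ntpath.normpath(path).lower()

def masquerading_entries(run_values):
    """Return (value_name, path) pairs whose image name belongs to a system
    process but whose directory is not one of the expected locations."""
    hits = []
    for name, command in run_values.items():
        path = image_path(command)
        if path is None:
            continue
        directory, image = ntpath.split(path)
        allowed = EXPECTED_DIRS.get(image)
        # Bare names (no directory) are resolved via the search path; not judged here.
        if allowed and directory and directory not in allowed:
            hits.append((name, path))
    return hits

# Sample Run-key export; only the first entry comes from the post, the rest are constructed.
SAMPLE_RUN_KEY = {
    "services": r"C:\WINDOWS\services.exe -i",
    "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe",
    "Updater": r'"C:\Program Files\Vendor\updater.exe" /background',
    "shell": r"%SystemRoot%\explorer.exe",
}
```

A hit only says the name and location disagree; the hidden attribute and the outbound connections mentioned in the post are separate observations this check does not cover.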
     
