RE: Strange services.exe file
Date: 12/11/03

  • Next message: Nick FitzGerald: "Re: Strange services.exe file"
    To: <>
    Date: Wed, 10 Dec 2003 17:41:46 -0600

    I have seen lots of Trojans that are named services.exe. Many of the
    have been different variations of Serve-U FTP server. I use fport from
    foundstone to see what ports the executable is listening on and what
    servers/ports it is connecting to.

    -----Original Message-----
    From: Dano []
    Sent: Monday, December 08, 2003 4:40 PM
    Subject: Strange services.exe file

    Hello, I came across a strange services.exe file in WinXP and don't know
    how it got there. This services.exe landed in the root
    c:\windows\services.exe with a hidden attrib flag set. There was also a
    registry key set at HKLM/software/microsoft/windows/currentversion/run
    with the value "services C:\WINDOWS\services.exe -i". What it appeared
    do was send data back to hosts
    ( and ( I'm stil in
    progress of disecting this to find out what exactly it does. Does anyone
    know anything about this?



  • Next message: Nick FitzGerald: "Re: Strange services.exe file"