Re: Strange services.exe file

From: Harlan Carvey (keydet89_at_yahoo.com)
Date: 12/11/03

  • Next message: Fred Bradford: "Re: Fw: services.exe file"
    Date: Thu, 11 Dec 2003 11:56:09 -0800 (PST)
    To: incidents@securityfocus.com
    
    

    Nick,

    As much as I hate to say it, my friend...welcome to
    the world of public lists!

    People are always going to respond based on the most
    obvious piece of information. One respondent to this
    post gave a nice little explanation of the
    services.exe file that usually ships w/ Windows
    systems...he just never bothered to take into account
    the path that the OP listed.

    The really scary part about all this is that these
    guys who are responding in this manner are, in many
    cases, admins, or members of CSIRTs themselves. ;-)

    Hasta, dude,

    Harlan

    --- Nick FitzGerald <nick@virus-l.demon.co.uk> wrote:
    > Ansgar -59cobalt- Wiechers <bugtraq@planetcobalt.net> wrote:
    >
    > > Probably the XTC worm (or a mutation of it).
    >
    > That is an unfounded and almost certainly worthless "assertion"
    > based on no more than the filename.
    >
    > How often does this have to be repeated??
    >
    > Filenames are seldom useful _AND NEVER SUFFICIENT_ for diagnosing
    > what malware is present.
    >
    > The OP should, as already advised, send the suspicious file to
    > professional malware analysts if a current virus scanner does not
    > detect it as something already known to be bad.
    >
    >
    > --
    > Nick FitzGerald
    > Computer Virus Consulting Ltd.
    > Ph/FAX: +64 3 3529854