RE: services.exe file
From: Jim Harrison (ISA) (jmharr_at_microsoft.com)
Date: 12/11/03
- Previous message: David Gillett: "Another New Worm or Worm Variant?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 11 Dec 2003 13:26:19 -0800
To: "dano" <dan@thejamzone.com>, <incidents@securityfocus.com>
ETrust identifies it as Backdoor/Delf.ft virus.
* Jim Harrison
MCP(NT4/2K), A+, Network+
Security Business Unit (ISA SE)
"I used to hate writing assignments, but now I enjoy them.
I realized that the purpose of writing is to inflate weak ideas,
obscure poor reasoning, and inhibit clarity.
With a little practice, writing can be an intimidating and
impenetrable fog!"
-Calvin
-----Original Message-----
From: dano [mailto:dan@thejamzone.com]
Sent: Thursday, December 11, 2003 12:31
To: incidents@securityfocus.com
Subject: Fw: services.exe file
Here's a link to the zipped copy of the services.exe file that I found on my system for anyone that would like to check it out:
http://www.thejamzone.com/services/services.zip
Within XP, I can NOT uncheck the hidden attribute that is set, although I can unhide in DOS. After unhiding it, I ran f-prot and it did say that it was a "security risk" or backdoor program. It came to my attention after running a netstat and constantly seeing connections being made to the two outside hosts. I then installed a personal firewall and found out exactly what application was doing it (should have done this a long time ago).
Dan