Strange servicepack.exe file (not service.exe) found.

From: Chip Mefford (cmefford_at_avwashington.com)
Date: 12/16/03

Next message: Michael Lastor: "Need two files for testing"

Previous message: Lachniet, Mark: "RE: DS trojan opens ports fport does not detect?"
Next in thread: Bojan Zdrnja: "RE: Strange servicepack.exe file (not service.exe) found."
Reply: Bojan Zdrnja: "RE: Strange servicepack.exe file (not service.exe) found."
Reply: Peter Kruse: "SV: Strange servicepack.exe file (not service.exe) found."
Reply: Eric Chien: "Re: Strange servicepack.exe file (not service.exe) found."
Maybe reply: James C Slora Jr: "RE: Strange servicepack.exe file (not service.exe) found."
Maybe reply: Kolde, Jennifer E.: "RE: Strange servicepack.exe file (not service.exe) found."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 16 Dec 2003 13:29:09 -0500
To: incidents@securityfocus.com

Running in the task manager on a windows 98 box on
our lan. The machine was misbehaving badly yesterday
morning. IE 5.5 was broken, will not browse anything,
even a local file. Mozilla 1.5 works fine. The machine
has been flattened and is being reloaded with Win2K.

This machine was screwed down as tight as we could make
it and still have it be useful. It was used by staff
that had no dedicated workstations to access our webmail
and such things.

I know nothing about reverse engineering binary executables.
Strings output showed some concerning lines.

I've posted the file "servicepack.exe" in zipped and
tarred formats both at this url.

http://www.eruditium.org/cmefford/securityfocus/

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: Michael Lastor: "Need two files for testing"

Previous message: Lachniet, Mark: "RE: DS trojan opens ports fport does not detect?"
Next in thread: Bojan Zdrnja: "RE: Strange servicepack.exe file (not service.exe) found."
Reply: Bojan Zdrnja: "RE: Strange servicepack.exe file (not service.exe) found."
Reply: Peter Kruse: "SV: Strange servicepack.exe file (not service.exe) found."
Reply: Eric Chien: "Re: Strange servicepack.exe file (not service.exe) found."
Maybe reply: James C Slora Jr: "RE: Strange servicepack.exe file (not service.exe) found."
Maybe reply: Kolde, Jennifer E.: "RE: Strange servicepack.exe file (not service.exe) found."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Strange servicepack.exe file (not service.exe) found.
... > Running in the task manager on a windows 98 box on ... > our lan. ... The machine was misbehaving badly yesterday ... > tarred formats both at this url. ...
(Incidents)
Re:
... a network share, the networking is handled by Windows; ... it's treated the same as a local file. ... That should authenticate and de-authenticate you properly, ... There may be a better way of doing this using the Windows ...
(comp.lang.python)
Re: button to open text file
... to open the local file instead? ... question be the same if I moved the db to a Windows machine). ... When you open a URL address without a prefix, ... I would need to check on my Mac to see what that does, ...
(comp.databases.filemaker)
[NT] More Reading of Local Files Vulnerabilities in MSIE
... this vulnerability is similar in concept to: ... Explorer 6 Allows Local File Reading ) ... Internet Explorer version 5.5 (Windows ME) ...
(Securiteam)
RE: Excel Files are in use by another user
... This is a Windows XP Pro with Office 2007 ... It seems to happen whether the file is a local file or a ... network file. ...
(microsoft.public.excel.crashesgpfs)