RE: strange software > winsupdater.exe

From: Jim Harrison (ISA) (jmharr_at_microsoft.com)
Date: 03/16/05

Next message: Nick FitzGerald: "Re: strange software > winsupdater.exe"

Previous message: Harlan Carvey: "Re: strange software > winsupdater.exe"
Maybe in reply to: SDA: "strange software > winsupdater.exe"
Next in thread: Nick FitzGerald: "Re: strange software > winsupdater.exe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 15 Mar 2005 15:21:37 -0800
To: <sda-cr@racsa.co.cr>, <incidents@securityfocus.com>

Sounds like it might be a variant of Gaobot:
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.
bi.html

Jim Harrison
Security Business Unit (ISA SE)
"I have seen the suitcase in the trash and lived to tell the tale"

-----Original Message-----
From: sda-cr@racsa.co.cr [mailto:sda-cr@racsa.co.cr]
Sent: Tuesday, March 15, 2005 12:39 PM
To: incidents@securityfocus.com
Subject: strange software > winsupdater.exe
Importance: High

Hi:

We are looking at an abnormal program named "winsupdater.exe" and we are
having trouble installing antispyware software on the infected
computers,
and the antivirus is not detecting the malware.
We were able to disable it manual trough regedit, were it leaves a key
entry
in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
named
"Microsoft Window Updater", but anyone knows if this is a new virus or
spyware?

Esteban Lara
Director de IT
Soluciones Digitales de Almacenamiento S.A.

Next message: Nick FitzGerald: "Re: strange software > winsupdater.exe"

Previous message: Harlan Carvey: "Re: strange software > winsupdater.exe"
Maybe in reply to: SDA: "strange software > winsupdater.exe"
Next in thread: Nick FitzGerald: "Re: strange software > winsupdater.exe"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]