Re: Possible worm infection or something else?

From: Jimi Thompson (jimit_at_myrealbox.com)
Date: 12/06/03

  • Next message: Jimi Thompson: "Re: Exchange 2K3 and Server 2K3 versus SUN One Pros/Cons and Security Pros/Cons" 
    Date: Fri, 05 Dec 2003 18:29:06 -0600
To: security-basics@securityfocus.com

    Sounds more like spyware than a virus if your AV software isn't catching
    anything. Try running SpyBot or Adaware.

    HTH,

    Jimi

    Giancarlo Ballestracci - IT & Technical Support wrote:

    >Hi The Group,
    >I hope someone get me a good advice about this problem. I have a notebook
    >with multiboot startup (2 Win2k, 1 WinXP). On the first partition Win2k,
    >svchost.exe take the 100% of CPU's resources. The system is regularly
    >patched (SP4 and all the latest Hot Fixes), personal firewall and Antivirus
    >clients updated. Scans with Symantec and Trend Micro have nothing found.
    >I've tried to shut down all the services possible, without good result. I've
    >also removed the last six applications installed on: nothing happen. Only in
    >safe mode (clear...), the CPU work fine.
    >It's possible that a (new) worm sleep inside the client? Initially, I have
    >thought about a Blaster Worm... I've checked also the system registry, but
    >nothing strange in on RUN key of LOCAL MACHINE.
    >
    >Anybody can light me?
    >
    >Thanks in advance
    >
    >Giancarlo
    >IT Manager
    >
    >
    >---------------------------------------------------------------------------
    >----------------------------------------------------------------------------
    >
    >
    >
    >
    >

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------

  • Next message: Jimi Thompson: "Re: Exchange 2K3 and Server 2K3 versus SUN One Pros/Cons and Security Pros/Cons"