RE: Unknown Windows Service suspected Worm/Virus
From: Hayden Searle (hayden.searle_at_safecom.co.nz)
Date: 09/09/04
- Previous message: Teo Gomez: "RE: Password Cracking"
- Maybe in reply to: Neil Verkland: "Unknown Windows Service suspected Worm/Virus"
- Next in thread: Qber_GuidoZ?=: "Re: Unknown Windows Service suspected Worm/Virus"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 10 Sep 2004 00:32:56 +1200 To: "Neil Verkland" <VerklandN@macewan.ca>, <security-basics@securityfocus.com>
The command for stopping a service is net stop <service name>
I have no idea what the service is, but maybe a scrape of the registry
looking for it would be a good start to see where it is? Also look and
see if it is in the 'run' folder in the registry and export and then
delete the key, restart the box and it shouldn't start anymore.
If it is in the services MMC then have a look at the executable it
relates to as this may give more clues for a google search.
Regards
Hayden Searle
Network Security Specialist
-----Original Message-----
From: Neil Verkland [mailto:VerklandN@macewan.ca]
Sent: Thursday, 9 September 2004 8:31 a.m.
To: security-basics@securityfocus.com
Subject: Unknown Windows Service suspected Worm/Virus
I'm looking for information on the following windows XP service that was
found installed on various systems that have XP-SP2 installed and have
been virus scanned as clean.
Servicio de Agenda de Alejandria
If anyone can identify this windows service please respond. Systems
with this service seem to reboot automagically and terminal services is
started and I am unable to stop the service via the control panel.
Please also respond with the command line to stop a service. My windows
skill are not as prolific as Solaris. Thanks.
Neil S. Verkland, B.Sc.C.S.
Manager, Learning and Information Systems
Grant MacEwan College
------------------------------------------------------------------------
--- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ------------------------------------------------------------------------ ---- ##################################################################################### Important: This electronic message and attachments (if any) are confidential and may be legally privileged. If you are not the intended recipient do not copy, disclose or use the contents in any way. Please let us know by return e-mail immediately and then destroy this message. ##################################################################################### --------------------------------------------------------------------------- Computer Forensics Training at the InfoSec Institute. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors. Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse so that it never happens again. http://www.infosecinstitute.com/courses/computer_forensics_training.html ----------------------------------------------------------------------------
- Previous message: Teo Gomez: "RE: Password Cracking"
- Maybe in reply to: Neil Verkland: "Unknown Windows Service suspected Worm/Virus"
- Next in thread: Qber_GuidoZ?=: "Re: Unknown Windows Service suspected Worm/Virus"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
