Re: Trojan svchost.exe in created folder windows/syst32 caught by Norton
From: Bit Twister (BitTwister@localhost.localdomain)
Date: 11/28/02
- Next message: Lars M. Hansen: "Re: A Royal Name"
- Previous message: Bill Crocker: "Re: Norton Internet Security"
- In reply to: Puzzld: "Trojan svchost.exe in created folder windows/syst32 caught by Norton"
- Next in thread: NeoSadist: "Re: Trojan svchost.exe in created folder windows/syst32 caught by Norton"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Bit Twister <BitTwister@localhost.localdomain> Date: Thu, 28 Nov 2002 02:49:19 GMT
On 27 Nov 2002 18:20:40 -0800, Puzzld wrote:
> Has anyone else seen this?
>
> Norton firewall caught a trojan trying to send out info over internet.
> It was called svchost.exe, 18.8 KB (as opposed to 12.5 for the valid
> WinXP file), resided in a newly created folder called windows/syst32,
> and had a registry key called "LTM2" to run it at startup. The
> program itself had a capital letter "A" as its icon.
Maybe a new variant of Backdoor.Litmus.203
You might look around on http://www.symantec.com
and tell them your woes.
> I don't know what it was trying to send, but apparently to the
> following address: 221.6.2.1,ircu-2(6667). It has been terminated and
> quarantined on my system.
- Next message: Lars M. Hansen: "Re: A Royal Name"
- Previous message: Bill Crocker: "Re: Norton Internet Security"
- In reply to: Puzzld: "Trojan svchost.exe in created folder windows/syst32 caught by Norton"
- Next in thread: NeoSadist: "Re: Trojan svchost.exe in created folder windows/syst32 caught by Norton"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
