Re: "we have been hacked"
From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 12/15/03
- Next message: Tom Kaminski [MVP]: "Re: How to setup PW Protect site and how to log users?"
- Previous message: Keith W. McCammon: "Re: How to setup PW Protect site and how to log users?"
- In reply to: Jeff Cochran: "Re: "we have been hacked""
- Next in thread: Jeff Cochran: "Re: "we have been hacked""
- Reply: Jeff Cochran: "Re: "we have been hacked""
- Reply: Charles Otstot: "Re: "we have been hacked""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 15 Dec 2003 16:29:34 -0500
"Jeff Cochran" <jcochran.nospam@naplesgov.com> wrote in message
news:3feafae8.446018090@msnews.microsoft.com...
> On Fri, 12 Dec 2003 20:01:22 -0500, "Karl Levinson [x y] mvp"
> <levinson_k@despammed.com> wrote:
> >Also, I'm not familiar with this trojan / virus that both uses a file
named
> >SVCHOST.EXE and also modifies the hosts file. Which one is it? Or have
> >they possibly confused the welchia and qhosts removal instructions?
>
> It appears a combination of Welchia/Qhosts and possibly others. I
> wouldn't think SVCHost would normally be an issue to pull out of
> Startup, and it's a common method of loading several
> viruses/trojans/malware/etc.
FYI, I searched www.sarc.com to try to find a virus that used svchost.exe
and modified the hosts file, couldn't find any. I have to wonder if the
instructions on the website are misguided, or maybe they know something we
don't.
- Next message: Tom Kaminski [MVP]: "Re: How to setup PW Protect site and how to log users?"
- Previous message: Keith W. McCammon: "Re: How to setup PW Protect site and how to log users?"
- In reply to: Jeff Cochran: "Re: "we have been hacked""
- Next in thread: Jeff Cochran: "Re: "we have been hacked""
- Reply: Jeff Cochran: "Re: "we have been hacked""
- Reply: Charles Otstot: "Re: "we have been hacked""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
