Where was the file found? Did you scan it with A/V? Was it running? If so, does it bind to a port? Have you looked in the usual places where applications can start up on boot? i.e registry, startup folder, services, boot scripts, etc. You might find more information in those places that can help determine what is happening to your box. Also, Did you 'strings' the binary? -Blake On Wed, 9 Jan 2002, Nutcase_69 wrote: > We have an application server running NT 4.0. We found the file serv.exe on > it and I know that this could be an indication of a Trojan. We deleteed the > file and when we rebooted, the file re-appeared. I trying to find out if > anybody know what Trojan might display this activity? I thaught it was > freak but that seemed old and I didn''t think that it could regenerate the > .exe Any Answers? > > Cheers, > Eric > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com > > ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Jan 09 2002 - 15:06:13 PST