I was hoping that this would be approved for the list as I get many emails from people who searched Google and only hit on the question. Below is the answer that I was sending out to people who asked me personally.

Over the past 14 months, I received quite a few responses to my post on the SecurityFocus incidents list regarding the addition of the NC_S_ISLCK group to my NT laptop. The vast majority of these posts were from people like me, who have it and have no idea where it came from. I did get a few replies that offered clues to its origin and I wanted to share them with you who, like me, were/are clueless.

The NC_S_ISLCK group on my box had no members. Some report that it is recreated if renamed or deleted. This was not limited to NT. One of you has XP and several have Win2k. I have finally updated my toolkit and am running Win2k with no appearance of the group thus far.

I looked at all the machines in our lab and none of them have the group except for 2 machines that have Silent Runner installed on them. This was the full-blown version and not just the collector (none of the collector-only machines had this group). I also had installed a rapidly-expiring eval of SR on my NT laptop. It's my bet that is where I got the group from, but you never know. Silent Runner installs a couple of services that took me a while to track down, as well as Hummingbird Networking.

Now, some stated that the group can come from other places, possibly. You can check your affected boxes to see if anything correlates.

Rational Development Suite
Crystal Reports v. 8 professional
Sygate Personal Firewall
Transtext
Netscape
Avatar
Raytheon Silent Runner

Sorry it took me a year to get back to you. I was waiting for a black helicopter story that never came. So, now, when people do a Google search for NC_S_ISLCK, they'll get a hit on this instead of my post with no replies from last October.

Ed Shirley

--- kevin.mcphailat_private wrote:
> I saw your post to incidents.org on finding this group on your system. Did
> you ever find out what it was? It is on my system as well and I want to know
> how it got there.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 18:52:22 PST