We got signal! Norton AV with 3/10 definitions found the following infections: Explorer(space).exe: Backdoor.Sdbot onylje.exe: W32.HLLW.Nebiwo pcoo.exe: W32.HLLW.Nebiwo WINLOGON(space).exe: Trojan.KillAV http://www.symantec.com/avcenter/venc/data/w32.hllw.nebiwo.html The two Trojans are dropped by W32.HLLW.Nebiwo. It can also drop Backdoor.Litmus. Nebiwo is a worm that gets in via TCP Port 445 (W2K SMB). Yes, yet another source of all the TCP/445 scans I keep seeing! Hopefully this information will be of help to you. KJP __________________________________________________ Do you Yahoo!? Yahoo! Web Hosting - establish your business online http://webhosting.yahoo.com ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 10:31:09 PST