In case it is helpful, note that the DCOMX.EXE file name resembles the name of the fairly new Autorooter / Cirebot / Downloader-DM / "RPC Worm" [F-Secure nomenclature] RPC attack tool, but none of the files are detected as such by either NAV or TrendMicro House Call with the latest updates applied.

The four files in the subdirectory contain strings and file names that lead one to suspect they are part of Intel Landesk [PDS.EXE, ping discovery service per Google, and XFR.EXE, Intel file transfer utility, per Google].

-----Original Message-----
From: Drew Weaver [mailto:drewat_private]
Sent: Tuesday, August 05, 2003 3:07 PM
To: incidentsat_private
Subject: [despammed] Dig in: autorooter, maybe that IRC one but SAV doesn't pick it up.

Dig in.

http://www.soul-fu.com/drew.zip

I found this on a Windows 2k SP4 machine without (without) the two most recent and critically necessary patches.

Enjoy.

-Drew

---------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Wed Aug 06 2003 - 16:23:47 PDT