Re: Dig in: autorooter, maybe that IRC one but SAV doesnt pick it up.

From: Christine Kronberg (Christine_Kronbergat_private)
Date: Wed Aug 06 2003 - 09:06:55 PDT

Next message: Schmehl, Paul L: "RE: Secure.dcom.exe"

Previous message: Lee Seidman: "Backdoor.Trojan and payload.dat"
In reply to: Drew Weaver: "Dig in: autorooter, maybe that IRC one but SAV doesnt pick it up."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 5 Aug 2003, Drew Weaver wrote:

> Dig in.
>
> http://www.soul-fu.com/drew.zip
>
> I found this on a Windows 2k SP4 machine without (without) the two most
> recent and critically nessicary patches.

  Nav finds a worm called W32/Lolol.worm.gen in juh.exe and dcomx.exe.
  It fits to what I saw when let the files run within a vmware.
  I'm not sure about the files in the cba directory. According to what
  I found with google there seems to be a link to NAV CE (at least to
  some antivirus software). Are you sure that they have not been there
  earlier?
  (I'm not a windows expert: what are *.lrc files? )

  Cheers,

                                                               Chris.

-- 
GeNUA mbH

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Next message: Schmehl, Paul L: "RE: Secure.dcom.exe"
Previous message: Lee Seidman: "Backdoor.Trojan and payload.dat"
In reply to: Drew Weaver: "Dig in: autorooter, maybe that IRC one but SAV doesnt pick it up."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Aug 06 2003 - 16:36:53 PDT