[Dshield] Odd things occuring on TCP 135.

Micheal Patterson micheal at tsgincorporated.com
Wed Oct 1 01:00:00 GMT 2003

----- Original Message ----- 
From: "Doug White" <doug at clickdoug.com>
To: "General DShield Discussion List" <list at dshield.org>
Sent: Tuesday, September 30, 2003 10:16 AM
Subject: Re: [Dshield] Odd things occuring on TCP 135.

> Have you tried submitting the program to one of the anti-virus vendors?


I've also recieved a couple of different replies:

Symantec id's this as a variant of HackTool. I was informed that they've
added detection to their beta sigs for it.

F-Secure id's it as a variant of Agobot and they're showing that it is
detected as Backdoor.Agobot.3.h with their current updates.

Sophos has yet to respond to my report.

I can verify that Norton does indeed detect it with the beta dif's. I can't
confirm via F-Secure as I can't install it because the install stalls when
connecting to their server from within the installer. I can't even install
their demo from home for the same reason.


Micheal Patterson
Network Administration
Cancer Care Network

More information about the list mailing list