[Dshield] OT W2K/ME

Deb Hale haled at pionet.net
Thu Oct 9 13:01:59 GMT 2003


I just found an article that might help you.  This article says that there
is a trojan that is being identified as backdoor.coreflood by the AV
software.  Take a look at the article.

http://www.lurhq.com/autoproxy.html

/SNIP/
Every time the system boots My Documents opens in Explorer. I've checked
HKLM\Software\Microsoft\Windows\CurrentVersion\Run and found nothing and
RunOnce found nothing. Nothing in Startup, ran msconfig and found nothing.
Prior to this problem both systems have had Norton 2003 installed and full
system scans done with up to date Defs. Both systems were found to be
infected with Backdoor.Coreflood I've also run SpyBot and cleaned up a bunch
of stuff.

I did read last night something about (I hope I gets this right) DiDer.exe
more spyware stuff that could have created a second Explorer.exe but can't
seam to find anything on the system that would point to that.

Anyone have any ideas?

Thanx, Paul

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list

_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list





More information about the list mailing list