[Dshield] A few strange exe's
pmarsh at nmefdn.org
Sat Jan 10 04:07:05 GMT 2004
Just and FYI.
I've been working on an XP home edition for the last few hours having all kind of problems with it.
1. The system was a default build from Dell, no SP's loaded..ugh
2. No firewall running...ugh
3. No Anti-virus...ugh, ugh
Had a bitch of a time getting Norton loaded on it just run a virus scan once I did it had about 15 instances of 5 different virus. Had a bitch of a time loading Spy-bot also. The long and the short of it is I found three strange exe's running.
Found some info on the above, original files are OK but some research points to trojan drop compromise.
wini32.exe can't find anything on this one, but as soon as I got it unloaded and removed from the system things started to improve. Anyone know anything about it? NAV did not detect any of them as being infected and spy-bot didn't find anything either.
More information about the list