[Dshield] A few strange exe's

Doug White doug at clickdoug.com
Sat Jan 10 05:08:42 GMT 2004


There is information on how to disable these at
http://www.totalchoicehosting.com/forums/index.php?showtopic=4200

======================================
Stop spam on your domain, Anti-spam solutions
http://www.clickdoug.com/mailfilter.cfm
For hosting solutions http://www.clickdoug.com
======================================
Aspire to Inspire before you Retire or Expire!


----- Original Message ----- 
From: "Paul Marsh" <pmarsh at nmefdn.org>
To: <list at dshield.org>
Sent: Friday, January 09, 2004 10:07 PM
Subject: [Dshield] A few strange exe's


: Just and FYI.
:
:   I've been working on an XP home edition for the last few hours having all
kind of problems with it.
:
:   1.  The system was a default build from Dell, no SP's loaded..ugh
:   2.  No firewall running...ugh
:   3.  No Anti-virus...ugh, ugh
:
:   Had a bitch of a time getting Norton loaded on it just run a virus scan once
I did it had about 15 instances of 5 different virus.  Had a bitch of a time
loading Spy-bot also.  The long and the short of it is I found three strange
exe's running.
:
:   igfxtray.exe
:   hkcmd.exe
:   Found some info on the above, original files are OK but some research points
to trojan drop compromise.
:
:   wini32.exe can't find anything on this one, but as soon as I got it unloaded
and removed from the system things started to improve.  Anyone know anything
about it?  NAV did not detect any of them as being infected and spy-bot didn't
find anything either.
:
: Thanx, Paul
:
: GO PAT's
:
: _______________________________________________
: list mailing list
: list at dshield.org
: To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
:
:




More information about the list mailing list