[Dshield] A few strange exe's
jayjwa at atr2.ath.cx
Sat Jan 10 06:35:05 GMT 2004
On Fri, 9 Jan 2004, Paul Marsh wrote:
> I've been working on an XP Home Edition for the last few hours, having all kinds of problems with it.
> 1. The system was a default build from Dell, no SP's loaded..ugh
> 2. No firewall running...ugh
> 3. No Anti-virus...ugh, ugh
> Had a bitch of a time getting Norton loaded on it just to run a virus scan; once I did, it had about 15 instances of 5 different viruses. Had a bitch of a time loading Spy-bot also. The long and the short of it is I found three strange exe's running.
> Found some info on the above, original files are OK but some research points to trojan drop compromise.
> wini32.exe can't find anything on this one, but as soon as I got it unloaded and removed from the system things started to improve. Anyone know anything about it? NAV did not detect any of them as being infected and spy-bot didn't find anything either.
igfxtray.exe = Found w/search on the internet, seems OK
wini32.exe = 40% sure I've seen this before as a trojan/virus/whatnot.
Hiding trojans are typically named "win****.exe". Not found w/search.
hkcmd.exe = "Application which implements Intel's HotKey command", found
on web w/search, seems OK
XP out of the box is a security nightmare.
On www.incidents.org is a link off the main page to a xpsurvivalguide.pdf,
which lists things you should do first. I've downloaded it, even though I
don't do Windows.