[Dshield] Is there a legitimate service named doom?
mducharme at cybergeneration.com
Thu Jun 23 19:51:30 GMT 2005
Another tip, look into registry onton
look at different values, ImagePath should contain
the executable file
Also, what is the md5 value for this file ?
Programmeur / Spécialiste en sécurité réseau
----- Original Message -----
From: <securityguy at dslextreme.com>
To: <list at lists.dshield.org>
Sent: Thursday, June 23, 2005 1:28 PM
Subject: [Dshield] Is there a legitimate service named doom?
> Troubleshooting a windows 2k server, a netstat showed a protocol named
> "doom" listening on port 1035. The latest virus scans show no infection
> (symantec, mcafee stinger, and trendmicro's housecall) all report clean.
> There's been (so far as I can tell) no slow down in service, increase in
> disk size, or anything out of the ordinary. It possible that this is a
> normal service as opposed to someone running a game? How would I track
> down what is spawning this service?
> - SG
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
More information about the list