[Dshield] Is there a legitimate service named doom?

Mike Wydra mwydra1 at comcast.net
Thu Jun 23 20:39:54 GMT 2005


Almost same thing happened on my home machine, except "Doom" was listening 
on port 666 (these guys slay me). There is a Trojan by that name, but like 
Deb said, there is the game. In any event, I couldn't find anything related 
to it on the machine, and everything was working just fine. A final note - I 
never had the game on my machine, so I don't know where the bugger came 
from.

Cheers,
Mike Wydra
----- Original Message ----- 
From: <securityguy at dslextreme.com>
To: <list at lists.dshield.org>
Sent: Thursday, June 23, 2005 12:28 PM
Subject: [Dshield] Is there a legitimate service named doom?


> Troubleshooting a windows 2k server, a netstat showed a protocol named
> "doom" listening on port 1035.  The latest virus scans show no infection
> (symantec, mcafee stinger, and trendmicro's housecall) all report clean.
> There's been (so far as I can tell) no slow down in service, increase in
> disk size, or anything out of the ordinary.  It possible that this is a
> normal service as opposed to someone running a game?  How would I track
> down what is spawning this service?
>
> - SG
>
>
>
>
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see: 
> http://www.dshield.org/mailman/listinfo/list 



More information about the list mailing list