Spamming machines: a mystery dll?

Rita Seplowitz Saltz rita at Princeton.EDU
Thu Sep 25 18:46:23 GMT 2003


Thanks to all the folks who have sent suggestions.  The votes so far 
favor IE vulnerabilities, but some other interesting paths also have 
been presented.

Our lead residential computing consultant has described a situation his 
folks have encountered, and asked me to put this before the list-folks 
to see if anyone has seen anything like.  If you would be kind enough 
to copy fcollman at Princeton.EDU on any comments,  we'd surely appreciate 
it!

Forrest's remarks:

"... one of the things we have seen is a reference in msconfig to a dll 
that is a random string of letters.  If you search the harddrive for 
it, you can't find the dll.  However, you do find a file of no 
extension type, in c:\windows\temp.  You mind putting that information 
out there and seeing if anyone is seeing something similar?  If you 
disable it in msconfig, it comes back upon restart as well."

Thanks again for your attention,

Rita Saltz
Senior Policy Advisor
Office of Information Technology (OIT)
Princeton University
rita at princeton.edu



More information about the unisog mailing list