[unisog] zotob variant?

Carol Myers carol.myers at pvmail.maricopa.edu
Thu Aug 25 21:44:08 GMT 2005

I received the following and haven't found anything yet, symantec or 
otherwise, that is helping with this college's issue...here's the text

I was wondering if any of you have encountered problems like we have. On 
or around the 14^th , I believe we were hit with a worm on our Windows 
2000 systems. I believe it is the same **type** of worm that is 
responsible for zotob, but Symantec says nothing about what I’m seeing.

Here are some of the tell-tale signs:
A local account is created called ExchangeAdmin that is made an 
A service is created called “Users service for disk management requests” 
that points to CHKDSK32 in WINNT\System32.

Any thoughts or suggestions at this point would be greatly appreciated. 


Carol Myers, CISSP
Information Resources & Technology Services
Paradise Valley Community College    http://www.pvc.maricopa.edu

"One ought, every day at least, to hear a little song, read a good poem, see a fine picture, and, if it were possible, to speak a few reasonable words."  --Johann Wolfgang von Goethe

More information about the unisog mailing list