[unisog] zotob variant?
carol.myers at pvmail.maricopa.edu
Thu Aug 25 21:44:08 GMT 2005
I received the following and haven't found anything yet, symantec or
otherwise, that is helping with this college's issue...here's the text
I was wondering if any of you have encountered problems like we have. On
or around the 14^th , I believe we were hit with a worm on our Windows
2000 systems. I believe it is the same **type** of worm that is
responsible for zotob, but Symantec says nothing about what I’m seeing.
Here are some of the tell-tale signs:
A local account is created called ExchangeAdmin that is made an
A service is created called “Users service for disk management requests”
that points to CHKDSK32 in WINNT\System32.
Any thoughts or suggestions at this point would be greatly appreciated.
Carol Myers, CISSP
Information Resources & Technology Services
Paradise Valley Community College http://www.pvc.maricopa.edu
"One ought, every day at least, to hear a little song, read a good poem, see a fine picture, and, if it were possible, to speak a few reasonable words." --Johann Wolfgang von Goethe
More information about the unisog