[unisog] zotob variant?

Carol Myers carol.myers at pvmail.maricopa.edu
Thu Aug 25 21:44:08 GMT 2005


I received the following and haven't found anything yet, symantec or 
otherwise, that is helping with this college's issue...here's the text

I was wondering if any of you have encountered problems like we have. On 
or around the 14^th , I believe we were hit with a worm on our Windows 
2000 systems. I believe it is the same **type** of worm that is 
responsible for zotob, but Symantec says nothing about what I’m seeing.

Here are some of the tell-tale signs:
A local account is created called ExchangeAdmin that is made an 
administrator.
A service is created called “Users service for disk management requests” 
that points to CHKDSK32 in WINNT\System32.

Any thoughts or suggestions at this point would be greatly appreciated. 
Thanks.

-- 

Carol Myers, CISSP
Information Resources & Technology Services
Paradise Valley Community College    http://www.pvc.maricopa.edu
602-787-7788

"One ought, every day at least, to hear a little song, read a good poem, see a fine picture, and, if it were possible, to speak a few reasonable words."  --Johann Wolfgang von Goethe





More information about the unisog mailing list