Security Basics mailing list archives
Re: Unknown Windows Service suspected Worm/Virus
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Sat, 11 Sep 2004 04:29:27 +0200
On 2004-09-09 Neil Verkland wrote:
English WindowsXP install with SP2 and Windows Services for Unix installed
Unknown Windows service recognized in Services MMC: "Servicio de Agenda de Alejandria".
Mysterious reboot while using the system. It is unclear whether this service is related to the problem or not.
AVG and Housecall and McAfee Enterprise didn't find anything.
Spybot and Ad-aware Personal didn't find anything.

Progress:
Thanks to one listener who tried to translate: "Service for the Agenda of Alexandra".
Thanks to many listeners who identified the command line method for shutting down windows services: net stop <service name>
No light has been shed on the ID of this particular windows service yet.

Just a few notes on this:

- What is the command-line that starts the service (in the service's properties in services.msc)?
- Is the binary present? Where?
- What does the properties dialog of the binary tell?
- Have you run strings [1] against the binary?
- Does the suspicious service open any ports?
- Is there anything unusual in the eventlog?

HTH

[1] http://www.sysinternals.com/ntw2k/source/misc.shtml#strings

Regards
Ansgar Wiechers
--
"Those who would give up liberty for a little temporary safety deserve neither liberty nor safety, and will lose both." --Benjamin Franklin
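
The checks listed in the reply above, run in order on a current Windows host, as an added example that is not part of the original message. It assumes Windows PowerShell 5.1 or later, an elevated prompt, and Sysinternals strings.exe on the PATH; the display name is the one quoted in the thread.

```powershell
# Added example: triage of an unidentified Windows service (assumes PowerShell 5.1+, elevated).
$displayName = 'Servicio de Agenda de Alejandria'   # display name quoted in the thread

# 1. Command line that starts the service ("Path to executable" in services.msc)
$svc = Get-CimInstance Win32_Service -Filter "DisplayName='$displayName'"
if (-not $svc) { Write-Warning "No service with display name '$displayName'"; return }
$svc | Format-List Name, DisplayName, State, StartMode, StartName, PathName, ProcessId

# 2. Is the binary present, and where? PathName may be quoted, unquoted with
#    spaces, and may carry arguments, so extract the executable path first.
if     ($svc.PathName -match '^\s*"([^"]+)"')     { $exe = $Matches[1] }
elseif ($svc.PathName -match '^\s*(.+?\.exe)\b')  { $exe = $Matches[1] }
else   { $exe = ($svc.PathName -split '\s+')[0] }
$exe = [Environment]::ExpandEnvironmentVariables($exe)
if (-not (Test-Path -LiteralPath $exe)) { Write-Warning "Binary missing: $exe"; return }

# Services hosted in svchost.exe load their code from a DLL named in the registry.
$paramKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
$dll = (Get-ItemProperty -Path $paramKey -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
if ($dll) { $exe = [Environment]::ExpandEnvironmentVariables($dll) }

# 3. What the file's properties dialog would show, plus signature and hash
$file = Get-Item -LiteralPath $exe
$file | Format-List FullName, Length, CreationTime, LastWriteTime
$file.VersionInfo | Format-List CompanyName, FileDescription, ProductName, FileVersion, OriginalFilename
Get-AuthenticodeSignature -FilePath $exe | Format-List Status, SignerCertificate
Get-FileHash -LiteralPath $exe -Algorithm SHA256

# 4. Printable strings in the binary (Sysinternals strings.exe, assumed on PATH)
if (Get-Command strings.exe -ErrorAction SilentlyContinue) {
    strings.exe -accepteula -n 8 $exe | Select-Object -First 200
}

# 5. Ports opened by the service's process. In a shared svchost.exe the list
#    covers every service hosted in that process, not only this one.
if ($svc.ProcessId -gt 0) {
    Get-NetTCPConnection -OwningProcess $svc.ProcessId -ErrorAction SilentlyContinue |
        Format-Table LocalAddress, LocalPort, RemoteAddress, RemotePort, State
    Get-NetUDPEndpoint -OwningProcess $svc.ProcessId -ErrorAction SilentlyContinue |
        Format-Table LocalAddress, LocalPort
}

# 6. Event log: Service Control Manager entries naming the service, and
#    unexpected-shutdown records (IDs 6008 and 41) for the unexplained reboot.
$since = (Get-Date).AddDays(-14)
Get-WinEvent -FilterHashtable @{ LogName = 'System'; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -in 6008, 41 -or ($_.ProviderName -eq 'Service Control Manager' -and
                   ($_.Message -like "*$displayName*" -or $_.Message -like "*$($svc.Name)*")) } |
    Format-Table TimeCreated, Id, ProviderName, Message -Wrap
```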