Educause Security Discussion mailing list archives
New Virus/Trojan/...?
From: Jason Brooks <brooksje () LONGWOOD EDU>
Date: Mon, 4 Oct 2004 16:44:28 -0400
Beginning about 16:45 EDT on Sunday 3 Oct 2004, we began seeing high levels of port scanning for port 445 from our students. We have obtained one laptop for analysis. Here are our findings:

Process Quicktimee.exe is opening numerous outbound connections to destination port 445 (Note extra "e").

The box is Win2K SP4, McAfee A/V (7.1) current definitions (4396).

Updated A/V defs; scan - nothing

AdAware/Spybot scan - nada

Pulled down a few patches, but I don't know which ones were installed (not performed by the InfoSec Office)

File only visible in Explorer.exe after selecting "Show Hidden Files and Folders" and unchecking "Hide Protected Operating System Files".

Fport showed that Quicktimee.exe was sitting in C:\WINNT\system32 directory.

Called from the following Registry keys:

HKU\SSID\Software\Microsoft\OLE\Norton Virus Definitions - Quicktimee.exe

HKLM\Software\Microsoft\Windows\Current Version\Run\Norton Virus Definitions - Quicktimee.exe

The file is about 86KB and no interesting strings in the binary.

Admin account had no password. However, File and Print Sharing was off.

So, with that, does it look familiar to anyone? McAfee doesn't know it, and can't turn up anything seemingly related in Google, etc.

Suggestions/Help?

Thanks,
Jason Brooks

Jason Brooks
Information Security Technician
Longwood University
201 High Street
Farmville, VA 23909
(434) 395-2034
mailto:brooksje () longwood edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
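The two traits the post reports (an image name one character off a familiar one, and an autorun value named after an antivirus product that launches something else) can be checked across many machines' exported autorun entries. The following is an added example, not part of the original message; the baseline name list, the vendor hints and the last two sample entries are assumptions constructed for illustration.

```python
import ntpath
import re

# ASSUMPTION: baseline of image names this site expects on its machines.
KNOWN_GOOD = {"quicktime.exe", "qttask.exe", "explorer.exe", "svchost.exe"}
# ASSUMPTION: vendor word in a value name -> substrings expected in its command.
VENDOR_HINTS = {"norton": ("norton", "symantec"), "mcafee": ("mcafee", "network associates")}
# Pull the executable path out of a Run value, with or without quotes and arguments.
IMAGE_RE = re.compile(r'^\s*"?([^"]+?\.exe)', re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(entries):
    """Return (key, value_name, image, reasons) for each suspicious autorun entry."""
    findings = []
    for key, value_name, command in entries:
        m = IMAGE_RE.match(command)
        image = ntpath.basename(m.group(1) if m else command).lower()
        reasons = []
        near = sorted(k for k in KNOWN_GOOD if edit_distance(image, k) == 1)
        if image not in KNOWN_GOOD and near:
            reasons.append("image name one edit away from " + ", ".join(near))
        for vendor, hints in VENDOR_HINTS.items():
            if vendor in value_name.lower() and not any(h in command.lower() for h in hints):
                reasons.append("value name claims %s but command does not" % vendor)
        if reasons:
            findings.append((key, value_name, image, reasons))
    return findings

# First two entries are the ones reported in the post; the last two are constructed.
SAMPLE = [
    (r"HKU\SSID\Software\Microsoft\OLE", "Norton Virus Definitions", "Quicktimee.exe"),
    (r"HKLM\Software\Microsoft\Windows\Current Version\Run", "Norton Virus Definitions", "Quicktimee.exe"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "QuickTime Task", r'"C:\Program Files\QuickTime\qttask.exe" -atboottime'),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "Norton Auto-Protect", r"C:\Program Files\Norton AntiVirus\navapw32.exe"),
]

if __name__ == "__main__":
    for key, name, image, reasons in triage(SAMPLE):
        print(key, "|", name, "|", image, "|", "; ".join(reasons))
```

A hit from either rule is a lead for manual review, not a verdict; the baseline list has to reflect what is actually installed on site.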