Firewall Wizards mailing list archives
RE: Survey.exe
From: Jean-Hugues Smits <j.h.smits () pointnet nl>
Date: Tue, 1 Jun 1999 10:03:15 +0200
Hi All,

I've been reading this list for a while and I must say I learned a lot. This is my first time posting here; I hope I will help someone by reacting to this post.

I'm running NT 4.0, SP5 and the same thing happened to me. It indeed appears to come from a Microsoft site. The "Survey.exe" itself didn't take up the 100% CPU utilization but it took about 64% and the Iexplore process took the other 35%. I made a screenshot and killed the process.

The "Survey.exe" appears to come from ftp://msfe.microsoft.com/swcomponents/sw/Survey.exe (314KB) and I also noticed a "Survey.dat" coming from ftp://msfe.microsoft.com/swcomponents/so/Survey.dat (22,1KB).

I also saw (in Temp) 2 asp's (runonce.asp + SetCities.ASP?<something>) from another MS website but they may have nothing to do with that.

Hope this little bit of information helps. Keep up the good postings!! I'll absorb the knowledge!

Jean-Hugues Smits
j.h.smits () pointnet nl
Pointnet Security Systems

-----Original Message-----
From: Ken Fox [mailto:kenfox () starlinx com]
Sent: Sunday, 30 May 1999 19:39
To: 'firewall-wizards () nfr net'
Subject: Survey.exe

Folks --

Anyone running an NT box seen a program called Survey.exe in their task manager window? This puppy was sucking up 100% of the CPU ... I hadn't recalled running anything that would generate such a program; however, I was online at Microsoft's web site at the time (patches / downloads / etc) ... when I killed the process (not a terribly smart idea in Windows, I noticed a red icon dropped out of the systray, kinda looked like a wizard or a mutated AOL icon)

Assuming this is a hacker poking around, has anyone seen this before? Specifically, I killed him rather than let him play -- OTOH I am planning on a dedicated hook-up with a firewall rather than Dial up ... (turns out I moved in to an area with 7.1Meg ADSL available.... I hadn't gotten to installing / downloading BOF yet (it is now) --

Specifically though, if anyone has seen this program before, what ports & so forth is it using and therefore what would we look for in an IDS or block with a firewall? I searched bugtraq for survey.exe under the assumption that it was malicious and/or had been seen before.

Thanks,
ken