Security Incidents mailing list archives
Re: Explorer Dr. Watsons
From: "FYOM" <fyom () symmsys com>
Date: Tue, 18 Sep 2001 16:00:28 -0400
Chris, I had the same issue, and I'm disinfecting a server that had the worm. The worm loads a trojan mmc.exe in C:\winnt. This trojan mmc.exe loads any time your system runs explorer.exe Also, you will note a ton of mep*.exe files in c:\winnt. These files are the worm's threads of execution and they modify all your html and asp files on your system to include this line: ----- Original Message ----- From: "Chris Thornberry" <chris () cameronaa com> To: <incidents () securityfocus com> Sent: Tuesday, September 18, 2001 3:32 PM Subject: Explorer Dr. Watsons
Has anyone been experiencing issues with Dr. Watson Application errors in EXPLORER.EXE. Ever since this morning and the W32.Nimda.A@mm issue some of my servers have had issues trying to run anything. Does anyone know of a relation between the two? Regards, Chris -------------------------------------------- Chris Thornberry MCSE, CCNA, A+ Systems Engineer Cameron & Associates, Inc. E-mail: chris () cameronaa com -------------------------------------------- --------------------------------------------------------------------------
--
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Explorer Dr. Watsons Chris Thornberry (Sep 18)
- Re: Explorer Dr. Watsons FYOM (Sep 18)
- Re: Explorer Dr. Watsons Jeremy 'Circ' Charles (Sep 18)
- <Possible follow-ups>
- RE: Explorer Dr. Watsons James Paterson (Sep 18)
- RE: Explorer Dr. Watsons Steve Halligan (Sep 18)
- RE: Explorer Dr. Watsons Arnold, Jamie (Sep 18)