Security Incidents mailing list archives
Re: Fw: services.exe file
From: Fred Bradford <avpower () earthlink net>
Date: Thu, 11 Dec 2003 13:18:06 -0800
I have used a derivative of the old MS-DOS X-Tree for windows called: ZTreeWin It's available at: http://www.ztree.com/ It lets you "see" every file on your computer and lets you manipulate them easily. Yes, you can change one file's or all the files' attributes! It's for people who hate the mouse and like keyboard control, but it's easy to learn. Unless a file is "in use," you can do anything you want to it, unlike the higher level Windows "I know what you want, and won't let you do certain things" attitude. -Fred Bradford (Los Angeles) dano wrote:
Here's a link to the zipped copy of the services.exe file that I found on my system for anyone that would like to check it out: http://www.thejamzone.com/services/services.zip Within in XP, I can NOT uncheck the hidden attribute that is set although I can unhide in DOS. After unhiding it, I ran f-prot and it did say that it was a "security risk" or backdoor program. It came to my attention after running a netstat and constantly seeing connections being made to the two outside hosts. I then installed a personal firewall and found out exactly what application was doing it (should have done this a long time ago).
This email was cleaned by emailStripper, available for free from http://www.papercut.biz/emailStripper.htm
Dan --------------------------------------------------------------------------- ----------------------------------------------------------------------------
--------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Fw: services.exe file dano (Dec 11)
- Re: Fw: services.exe file Fred Bradford (Dec 11)
- Re: Fw: services.exe file Harlan Carvey (Dec 12)
- Re: Fw: services.exe file Dano (Dec 12)
- Re: Fw: services.exe file André Carezia (Dec 15)
- <Possible follow-ups>
- RE: services.exe file Jim Harrison (ISA) (Dec 12)