Security Incidents mailing list archives

Re: Fw: services.exe file

From: Harlan Carvey <keydet89 () yahoo com>
Date: Thu, 11 Dec 2003 13:20:36 -0800 (PST)

Dano,

http://www.thejamzone.com/services/services.zip


Thanks.

Within in XP, I can NOT uncheck the hidden attribute
that is set although I
can unhide in DOS. After unhiding it, I ran f-prot
and it did say that it
was a "security risk" or backdoor program.


Did F-prot say _which_ backdoor program it was?

It came to my attention after
running a netstat and constantly seeing connections
being made to the two outside hosts.


Hhhmm...do you remember which ports?  Also, you didn't
need to install a personal firewall...simply use fport
or openports (my personal fav) to find out which
process was using the ports, then get rid of the
process and executable image.


---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Fw: services.exe file dano (Dec 11)
- Re: Fw: services.exe file Fred Bradford (Dec 11)
- Re: Fw: services.exe file Harlan Carvey (Dec 12)
  - Re: Fw: services.exe file Dano (Dec 12)
- Re: Fw: services.exe file André Carezia (Dec 15)
- <Possible follow-ups>
- RE: services.exe file Jim Harrison (ISA) (Dec 12)