Security Incidents mailing list archives
Re: Fw: services.exe file
From: Dano <dan () thejamzone com>
Date: Thu, 11 Dec 2003 13:36:22 -0800 (PST)
Within XP, I can NOT uncheck the hidden attribute that is set although I can unhide in DOS. After unhiding it, I ran f-prot and it did say that it was a "security risk" or backdoor program.

Did F-prot say _which_ backdoor program it was?

The strange thing was that it did NOT identify the file even with the latest definition update.

It came to my attention after running a netstat and constantly seeing connections being made to the two outside hosts.

Hhhmm...do you remember which ports? Also, you didn't need to install a personal firewall...simply use fport or openports (my personal fav) to find out which process was using the ports, then get rid of the process and executable image.

The port that it was sending data out on was 80. Actually I'm glad that I did install the firewall because now I'm really blown away at other applications that send data out, not knowing before that they did.

Dan