Security Incidents mailing list archives
RE: Trojan modifying ntdll.dll and cmd.exe
From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Sun, 18 May 2003 21:34:22 +1200
-----Original Message-----
From: Harlan Carvey [mailto:keydet89 () yahoo com]
Sent: Friday, 16 May 2003 10:57 p.m.
To: incidents () securityfocus com
Subject: Re: Trojan modifying ntdll.dll and cmd.exe

Eric,

I'd like to ask a couple of questions, to get some clarification.

We have encountered a trojan that has modified both cmd.exe and ntdll.dll on a Windows 2000 machine. The files failed our CRC check (TDS was used for this, these out of 29 CRC-checked files were flagged as modified and Windows also flagged it).

What is "TDS"? It sounds as if it might be Tripwire, but I'm not familiar w/ the acronym.

I'll leave other answers to the original poster.

TDS might be Trojan Defence Suite (as he said he detected a trojan). That is an "anti-trojan" program which works pretty similarly to anti-virus programs (it has its own database of known signatures and supports some level of heuristic scanning, which can lead to a lot of false positives).

Find more info about it at the following URL:

http://tds.diamondcs.com.au/

Best regards,

Bojan Zdrnja

Current thread:
- Trojan modifying ntdll.dll and cmd.exe Eric Greenberg (May 15)
- Re: Trojan modifying ntdll.dll and cmd.exe Harlan Carvey (May 16)
- RE: Trojan modifying ntdll.dll and cmd.exe Bojan Zdrnja (May 20)
- Re: Trojan modifying ntdll.dll and cmd.exe Harlan Carvey (May 16)