Security Basics mailing list archives
Re: worm that crashes win explorer upon search
From: Douglas Duckworth <stlpcsecurity () gmail com>
Date: Wed, 17 Aug 2005 08:34:53 -0500
Sorry, sent it to wrong address..

On 8/17/05, Douglas Duckworth <stlpcsecurity () gmail com> wrote:

DEP only works on certain processors.

http://support.microsoft.com/kb/875352
http://www.microsoft.com/technet/security/prodtech/windowsxp/depcnfxp.mspx

"Data Execution Prevention (DEP) is a set of hardware and software technologies that perform additional checks on memory to help prevent malicious code from running on a system. In Microsoft Windows XP Service Pack 2 (SP2) and Microsoft Windows XP Tablet PC Edition 2005, DEP is enforced by hardware and by software. The primary benefit of DEP is to help prevent code execution from data pages. Typically, code is not executed from the default heap and the stack. Hardware-enforced DEP detects code that is running from these locations and raises an exception when execution occurs. Software-enforced DEP can help prevent malicious code from taking advantage of exception-handling mechanisms in Windows."

You could try blocking ports with IPSec: http://support.microsoft.com/?id=813878

Also, you could try installing Ethereal, which will give a better idea how it is spreading. I would not recommend that you use it on an infected PC, however; use it on a firewalled computer which is up to date with patches.

And the Windows firewall may help for computers that are not currently infected; however, it will not block outgoing traffic.

-Doug

On 8/16/05, Luis Osorio <luis.osorio () parfois com> wrote:

Hi,

Try to check DEP (Data Execution Prevention). This could happen if explorer is trying to launch the search program.

regards,
Luis Osório
Parfois - IT Department
Telef:+351220900240
Telem:+351917798455
www.parfois.com
-------------------------------------------------------------------------------
Barata & Ramilo, S.A.
Rua de Sistelo
Lugar de Santegãos
4435-429 Rio Tinto
Portugal

-----Original Message-----
From: Leon [mailto:roastin () yahoo com]
Sent: Monday, 1 August 2005 21:20
To: security-basics () securityfocus com
Subject: worm that crashes win explorer upon search

Hi,

I have a client who suspects that they may have a worm running around their network that is infecting machines through open shares or some other means of propagation. The symptom is that when people open up Windows Explorer and try to search, the explorer.exe process dies.

I installed the Microsoft spyware application and they are using up-to-date virus definitions with their scanner. I also went through netstat looking for strange open ports and saw nothing. The event log also has nothing out of the ordinary in it.

What is the best way to troubleshoot something like this? I can get the dump file from Dr. Watson but I am unsure where to go from there.

Suggestions appreciated.

Thx,
Leon