Firewall Wizards mailing list archives
RE: Survey.exe
From: David C Niemi <niemi () tux org>
Date: Wed, 2 Jun 1999 10:50:31 -0400 (EDT)
This calls itself the "Microsoft Survey Wizard". I took a look at the file, and it at least superficially looks like just another buggy Windows program, but it's probably worth checking out with virus scanners and such. You could perhaps email to mtscf () microsoft com (an address embedded in Survey.dat) for more info.

DCN

On Tue, 1 Jun 1999, Jean-Hugues Smits wrote:

Hi All,

I've been reading this list for a while and I must say I learned a lot. This is my first time posting here; I hope I will help someone by reacting to this post.

I'm running NT 4.0, SP5 and the same thing happened to me. It indeed appears to come from a Microsoft site. The "Survey.exe" itself didn't take up the 100% CPU utilization but it took about 64% and the Iexplore process took the other 35%. I made a screenshot and killed the process.

The "Survey.exe" appears to come from ftp://msfe.microsoft.com/swcomponents/sw/Survey.exe (314KB) and I also noticed a "Survey.dat" coming from ftp://msfe.microsoft.com/swcomponents/so/Survey.dat (22,1KB).

I also saw (in Temp) 2 asp's (runonce.asp + SetCities.ASP?<something>) from another MS website but they may have nothing to do with that.

Hope this little bit of information helps. Keep up the good postings!! I'll absorb the knowledge!

Jean-Hugues Smits
j.h.smits () pointnet nl
Pointnet Security Systems

-----Original Message-----
From: Ken Fox [mailto:kenfox () starlinx com]
Sent: Sunday, 30 May 1999 19:39
To: 'firewall-wizards () nfr net'
Subject: Survey.exe

Folks --

Anyone running an NT box seen a program called Survey.exe in their task manager window? This puppy was sucking up 100% of the CPU ... I hadn't recalled running anything that would generate such a program; however, I was online at Microsoft's web site at the time (patches / downloads / etc) ... when I killed the process (not a terribly smart idea in Windows), I noticed a red icon dropped out of the systray, kinda looked like a wizard or a mutated AOL icon.

Assuming this is a hacker poking around, has anyone seen this before? Specifically, I killed him rather than let him play -- OTOH I am planning on a dedicated hook-up with a firewall rather than dial up ... (turns out I moved in to an area with 7.1Meg ADSL available....) I hadn't gotten to installing / downloading BOF yet (it is now) --

Specifically though, if anyone has seen this program before, what ports & so forth is it using and therefore what would we look for in an IDS or block with a firewall? I searched bugtraq for survey.exe under the assumption that it was malicious and/or had been seen before.

Thanks,
ken
---- David C Niemi ----niemi at tux.org---- Reston VA USA ---- ... as FUD is our witness, we will never go hungry again. Microsoft OEM account manager, 1992.