Firewall Wizards mailing list archives
Survey.exe
From: "Ken Fox" <kenfox () starlinx com>
Date: Sun, 30 May 1999 13:38:49 -0400
Folks -- Anyone running an NT box seen a program called Survey.exe in thier task manager window? This puppy was sucking up 100% of the CPU ... I hadn't recalled ruinning anything that would generate such a program ; however, I was online at Microsoft's web site at the time (patches / downloads / etc) ... when I killed the process (not a terribly smart idea in WIndows, I noticed aa red Icon dropped out of the systray, kinda looked like a wizard or a mutated AOL icon) Assuming this is a hacker poking around , has anyone seen this before. Specifically, I killed him rather than let him play -- OTOH I am planning on a dedicated hook-up with a firewall rather than Dial up ... (turns out I moved in to an area with 7.1Meg ADSL available.... I hadn''t gotten to installing / downloading BOF yet (it is now) -- Specifically though, if anyone has seen this program before, what ports & so forth is it using and therefore what would we look for in a IDS or block with a firewall? I searched bugtraq for survey.exe under the assumption that it was malicious and/or had been seen before. Thanks< ken
Current thread:
- Survey.exe Ken Fox (May 30)