Full Disclosure mailing list archives

RE: "Sample" not running but preventing Win2k from Shutdown


From: transientimages <root () transientimages com>
Date: Sat, 26 Jun 2004 17:14:39 -0400

I can state "Me Two" on this:

Troubleshooting \ Analysis
--------------------------
pids, tlist, pulist do not show this name as an executed process, but when I
go to shut down, the "Sample" process needs to be terminated before shutdown

Scans
-----
NAV and Ad-Aware report nothing
Secondary scanning with Trend Housecall
Netstat -ao reports nothing bad or remote
Blackice reports nothing going out

Running 
        WinXP SP1 
        MS Updates [Shavlik \ MS04-xxx patched] 
        NAV 2003 Current Sigs
        Ad Aware Latest Sigs
        Blackice 3.6 cci

Weird : suspect a 0day IE exploit on one of the more dodgy security sites I
visit....

Anyone else?

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Marcel Krause
Sent: Saturday, June 26, 2004 4:58 AM
To: Full Disclosure
Subject: [Full-disclosure] "Sample" not running but preventing Win2k from
Shutdown

Hi guys,

I was fishing for some nice MSIE "plugins" on some porn sites and
found a mysterious one. It does not appear anywhere, neither in my
Firewall nor as a toolbar, and there is no new process running on
the sandbox machine. But whenever I try to shut it down or reboot
it, an application called "sample" does not want to terminate
voluntarily. As said before, there is no such app in the process
list before shutting down, and there is no unknown sample*.* file
on any of the sandbox's hard disks. Does anyone know this "sample"?


Yours,
Marcel

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


