Re: Strange services.exe file

[Harlan Carvey <keydet89 () yahoo com>]

> Hello, I came across a strange services.exe file in
> WinXP and don't know
> how it got there. This services.exe landed in the
> root
> c:\windows\services.exe with a hidden attrib flag
> set. There was also a
> registry key set at
> HKLM/software/microsoft/windows/currentversion/run
> with the value "services C:\WINDOWS\services.exe
> -i". What it appeared to
> do was send data back to hosts
> dhcp-ve3-101.cable.amis.net
> (212.18.53.101) and um-sd04-907.uni-mb.si
> (164.8.15.109). 

Did a Google search, or search of A/V sites turn up
anything?

> I'm stil in
> progress of disecting this to find out what exactly
> it does. 

Well, a couple of ways to do that would be to run
openports.exe, dump the process memory and run
strings, and use Dependancy Walker on the executable.

> Does anyone know anything about this?

Can you provide a copy of it, zipped up?



---------------------------------------------------------------------------
----------------------------------------------------------------------------