Security Incidents mailing list archives

Re: Fw: services.exe file


From: Dano <dan () thejamzone com>
Date: Thu, 11 Dec 2003 13:36:22 -0800 (PST)


 
Within XP, I can NOT uncheck the hidden attribute that is set although I
can unhide in DOS. After unhiding it, I ran f-prot and it did say that it
was a "security risk" or backdoor program.

Did F-prot say _which_ backdoor program it was?


The strange thing was that it did NOT identify the file even with the
latest definition update.


It came to my attention after running a netstat and constantly seeing
connections being made to the two outside hosts.

Hhhmm...do you remember which ports?  Also, you didn't
need to install a personal firewall...simply use fport
or openports (my personal fav) to find out which
process was using the ports, then get rid of the
process and executable image.


The port that it was sending data out on was 80. Actually I'm glad that I
did install the firewall because now I'm really blown away at other
applications that send data out, not knowing before that they did.

Dan
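
Added example, not part of the original message: a sketch of the port-to-process mapping the thread describes, done by joining `netstat -ano` output with `tasklist /fo csv /nh` output instead of using fport. The sample output, addresses, PIDs and the `expected` allowlist are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of `netstat -ano` output (documentation address ranges).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:1045      198.51.100.7:80        ESTABLISHED     1632
  TCP    192.168.1.10:1046      203.0.113.9:80         ESTABLISHED     1632
  TCP    192.168.1.10:1051      198.51.100.7:80        TIME_WAIT       0
  TCP    192.168.1.10:1060      192.0.2.25:80          ESTABLISHED     2040
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv /nh` output (image name, PID, ...).
TASKLIST = '''\
"System","4","Console","0","216 K"
"svchost.exe","884","Console","0","3,400 K"
"services.exe","1632","Console","0","1,200 K"
"iexplore.exe","2040","Console","0","18,500 K"
'''

def pid_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def outbound_by_process(netstat_text, tasklist_csv, remote_port=80):
    """Return {(pid, image): [remote hosts]} for established TCP
    connections whose remote port matches remote_port."""
    names = pid_names(tasklist_csv)
    hosts = defaultdict(set)
    for line in netstat_text.splitlines():
        f = line.split()
        # Keep only 5-field TCP rows in ESTABLISHED state; this skips the
        # header, listeners, TIME_WAIT entries and UDP rows.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue
        host, _, port = f[2].rpartition(":")
        if port == str(remote_port):
            pid = int(f[4])
            hosts[(pid, names.get(pid, "<unknown>"))].add(host)
    return {k: sorted(v) for k, v in hosts.items()}

def unexpected(report, expected=("iexplore.exe",)):
    """Drop processes expected to speak HTTP (hypothetical allowlist)."""
    return {k: v for k, v in report.items() if k[1].lower() not in expected}

if __name__ == "__main__":
    for (pid, image), remote in unexpected(outbound_by_process(NETSTAT, TASKLIST)).items():
        print(f"PID {pid} ({image}) -> port 80 on {', '.join(remote)}")
```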

