Security Incidents mailing list archives

wmon16 follow-up


From: "Jason High" <strongcypher () hotmail com>
Date: Mon, 10 May 2004 15:02:58 -0400

Thanks to everyone for their advice and help. The virus was pretty unsophisticated as far as I can tell. It created C:\winnt\system32\wmon16.exe and added registry entries in Run and Run > OptionalComponents to start itself when the computer starts. I simply killed it with Sysinternals' pskill, deleted the registry entries, patched the computers and updated the A/V. It seems to be gone now, but I'll be watching closely.

I submitted copies of the executable to various A/V vendors and many requestors on this list. If you asked for a copy and didn't get one, or would like to look at it, please let me know. I had a lot going on and may have missed some people. Thanks again.

Jason E. High,RHCT,GSEC,MCP
http://www.alwaysright.org
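
A follow-up check for the artifacts named in the message above, as an added example that is not part of the original post: it looks for the dropped file, autostart values under Run (including the OptionalComponents subkey) and a running process. The hive locations (HKLM and HKCU under Software\Microsoft\Windows\CurrentVersion) and the use of PowerShell are assumptions; the post names only "Run" and "Run > OptionalComponents".

```powershell
# Added example: re-check a cleaned host for wmon16.exe leftovers.
# Assumption: "Run" means the standard CurrentVersion\Run keys in HKLM and HKCU.
$exe     = 'wmon16.exe'
$pattern = '*wmon16*'
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$findings = @()

# 1. Dropped file. The post gives C:\winnt\system32; SystemRoot also covers
#    hosts installed to a different Windows directory.
$file = Join-Path $env:SystemRoot "system32\$exe"
if (Test-Path -LiteralPath $file) {
    $item = Get-Item -LiteralPath $file -Force   # -Force: file may be hidden
    $findings += [pscustomobject]@{
        Type = 'File'; Location = $file; Detail = "modified $($item.LastWriteTime)"
    }
}

# 2. Autostart values. Recursing from Run also walks Run\OptionalComponents
#    and anything beneath it.
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $nodes = @(Get-Item -LiteralPath $key) +
             @(Get-ChildItem -LiteralPath $key -Recurse -ErrorAction SilentlyContinue)
    foreach ($node in $nodes) {
        foreach ($valueName in $node.GetValueNames()) {
            $data = [string]$node.GetValue($valueName)
            if ($valueName -like $pattern -or $data -like $pattern) {
                $findings += [pscustomobject]@{
                    Type = 'Registry'; Location = "$($node.Name)\$valueName"; Detail = $data
                }
            }
        }
    }
}

# 3. Running process (the post killed it with pskill; confirm it stayed dead).
foreach ($proc in @(Get-Process -Name 'wmon16' -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{
        Type = 'Process'; Location = "PID $($proc.Id)"; Detail = $proc.Path
    }
}

if ($findings.Count -eq 0) { 'No wmon16 artifacts found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

A match on name alone is a lead, not proof: compare the file's hash against the submitted sample before treating a hit as reinfection.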
