Re: wmon16 follow-up

[Harlan Carvey <keydet89 () yahoo com>]

Jason,

One last question...how do you know that it's a virus,
and not a worm or Trojan?


--- Jason High <strongcypher () hotmail com> wrote:
> Thanks to everyone for their advice and help.  The
> virus was pretty 
> un-sophisticated as far as I can tell.  It created 
> C:\winnt\system32\wmon16.exe and added registry
> entries in Run and Run > 
> OptionalComponents to start itself when the computer
> starts.  I simply 
> killed it with Sysinternal's pskill, deleted the
> registry entries, patched 
> the computers and updated the A/V.  It seems to be
> gone now, but I'll 
> watching closely.
>
> I submitted copies of the executable to various A/V
> vendors and many 
> requestors on this list.  If you asked for a copy
> and didn't get one, or 
> would like to look at, please let me know.  I had a
> lot going on and may 
> have missed some people.  Thanks again.
>
> Jason E. High,RHCT,GSEC,MCP
> http://www.alwaysright.org
_________________________________________________________________
> Getting married? Find tips, tools and the latest
> trends at MSN Life Events. 
> http://lifeevents.msn.com/category.aspx?cid=married
---------------------------------------------------------------------------
>
----------------------------------------------------------------------------
>


---------------------------------------------------------------------------
----------------------------------------------------------------------------