| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri May 6 13:46:13 2005 From: toddtowles at brookshires.com (Todd Towles) Subject: wintcpmod.exe Hear of it? Hey Dan, haven't heard of that one. But it does sound strange. I bet many people on this list would like to get a ahold of that file. Also it would be a good idea to run it thru www.virustotal.com and some of the other online malware sites. Just in case it is a filename change..of a new common malware. ________________________________ From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Dan Bambach Sent: Thursday, May 05, 2005 5:15 PM To: full-disclosure@...ts.grok.org.uk Subject: [Full-disclosure] wintcpmod.exe Hear of it? I noticed today that a program wintcpmod.exe, located in two places on my hard drive, windows\system and windows\system32 was attempting to access port 53. My firewall blocked it and sent an alert. I am on the road, so I have not had time to fully investigate this yet, but a Google search produced very little about this program. It sets a registry key for local machine "run", and can be seen on the process screen. It does not appear in the services list. I was able to kill it, but in my Google search, someone has claimed that they were unable to kill the process. I am running WinXP SPk2 fully patched, and Symantec AntiVirus, ZoneAlarmPro. Microsoft AntiSpyware does not report anything. Has anyone else seen this program? Dan Bambach Dan@...mbach.net -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050506/d5ac7afa/attachment.html
Powered by blists - more mailing lists