Message-ID: <001301c3554a$f67305e0$f16bcf0c@hankscomp>
From: hank at burningriver.net (Hank Kester)
Subject: Exploited??
Here I was, freshly installing win2k with sp4. Four error messages popped up in a row: unhandled exception in svchost.exe. I stupidly didn't get the locations, because I dismissed it as a random bug.
It then occurred to me that this may be how the recent RPC exploits manifest on the end user's system. When I tried to open the Task Manager, to see if any other processes had been started, it stayed open for only a fraction of a second. There was one foreign task, sysengr.exe. A search of Google revealed nothing for this filename. I tried to delete it, but first had to rename taskmgr.exe to a random name so that it would stay open instead of being closed. After this, sysengr.exe was easily ended, and the file was removed (I have a copy available, should anyone want to study it).
The only other side effect I noticed was that I was unable to open regedit, presumably in an attempt to keep me from removing the program from startup.
Thank you for any information you might have on what else I should look for on this system, besides the obvious patching, which I was in the process of doing when this came up.
-Hank Kester
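The post asks what else to look for on a host showing these symptoms: an unfamiliar running process, Task Manager that opens and is immediately closed, and regedit refusing to start. The PowerShell triage script below is an added example, not part of the original message or of anything Hank posted; it is written for a defender doing first-pass checks. The only value taken from the post is the process name sysengr.exe; the Run/RunOnce autostart keys and the DisableTaskMgr / DisableRegistryTools policy values are standard Windows locations, and treating Windows and Program Files as the "expected" image-path roots is an assumption of this example, not something the post states.

```powershell
# Added triage example for a host showing the symptoms described above.
# Not from the original post. Assumptions of this example: the process
# names in $SuspectNames (sysengr.exe is the one Hank reported), and that
# binaries under the Windows or Program Files trees are "expected".

$SuspectNames = @('sysengr.exe')

$ExpectedRoots = @(
    $env:SystemRoot,
    ${env:ProgramFiles},
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ }

# 1. Running processes: flag a suspect name, or an image path outside the expected roots.
function Get-SuspiciousProcesses {
    Get-Process | ForEach-Object {
        $path = $_.Path   # may be $null when access is denied (e.g. protected system processes)
        $outsideRoots = $false
        if ($path) {
            $outsideRoots = -not ($ExpectedRoots | Where-Object { $path -like "$_\*" })
        }
        $nameHit = $SuspectNames -contains ($_.ProcessName + '.exe')
        if ($nameHit -or $outsideRoots) {
            [pscustomobject]@{
                Pid    = $_.Id
                Name   = $_.ProcessName
                Path   = $path
                Reason = if ($nameHit) { 'suspect name' } else { 'image outside Windows/Program Files' }
            }
        }
    }
}

# 2. Autostart entries in the per-machine and per-user Run/RunOnce keys.
function Get-AutorunEntries {
    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath metadata
            $flag = $SuspectNames | Where-Object { "$($p.Value)" -like "*$_*" }
            [pscustomobject]@{
                Key     = $key
                Name    = $p.Name
                Command = $p.Value
                Suspect = [bool]$flag
            }
        }
    }
}

# 3. Policy values that block Task Manager and regedit outright.
#    Note: these block the launch entirely; a Task Manager that opens and is then
#    closed (as in the post) points to something killing it instead, so check both.
function Get-ToolRestrictions {
    $keys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in 'DisableTaskMgr', 'DisableRegistryTools') {
            $value = $props.$name
            if ($null -ne $value -and $value -ne 0) {
                [pscustomobject]@{ Key = $key; Name = $name; Value = $value }
            }
        }
    }
}

# 4. Services whose binary path references a suspect name (another common persistence spot).
function Get-SuspectServices {
    Get-CimInstance -ClassName Win32_Service | Where-Object {
        $path = $_.PathName
        $SuspectNames | Where-Object { $path -like "*$_*" }
    } | Select-Object Name, State, StartMode, PathName
}

'== Suspicious processes ==';          Get-SuspiciousProcesses | Format-Table -AutoSize
'== Autorun entries ==';               Get-AutorunEntries      | Format-Table -AutoSize
'== Task Manager / regedit policy ==';  Get-ToolRestrictions    | Format-Table -AutoSize
'== Services referencing suspects ==';  Get-SuspectServices     | Format-Table -AutoSize
```

Run it from an elevated prompt so that image paths of system processes are readable; anything it lists is a lead to verify (hash the binary, compare against a clean install), not a verdict. It reads registry and process state only and changes nothing, so it is safe to run before deciding whether to clean or rebuild the machine.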