lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <0HZX00M67POB1R@mta9.srv.hcvlny.cv.net>
From: root at transientimages.com (transientimages)
Subject: "Sample" not running but preventing Win2k from
 Shutdown

I can state "Me Two" on this : 

Troubleshooting \ Analysis
--------------------------
pids, tlist, pulist do not show this name as an executed process, but when I
go to shutdown, the "Sample" process needs to be terminated before shutdown

Scans
-----
NAV and Ad-Aware report nothing
Secondary scanning with Trend Housecall
Netstat -ao reports nothing bad or remote
Blackice reports nothing going out

Running 
	WinXP SP1 
	MS Updates [Shavlik \ MS04-xxx patched] 
	NAV 2003 Current Sigs
	Ad Aware Latest Sigs
	Blackice 3.6 cci

Weird : suspect a 0day IE exploit on one of the more dodgy security sites I
visit....

Anyone else?

-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Marcel Krause
Sent: Saturday, June 26, 2004 4:58 AM
To: Full Disclosure
Subject: [Full-Disclosure] "Sample" not running but preventing Win2k from
Shutdown

Hi guys,

I was fishing for some nice MSIE "plugins" on some porn sites and
found a mysterious one. It does not appear anywhere, neither in my
Firewall nor as a toolbar, and there is no new process running on
the sandbox machine. But whenever I try to shut it down or reboot
it, an application called "sample" does not want to terminate
voluntarily. As said before, there is no such app in the process
list before shutting down, and there is no unknown sample*.* file
on any of the sandbox'es hard disks. Does anyone know this "sample"?


Yours,
Marcel

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ