lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <9E97F0997FB84D42B221B9FB203EFA27CB8651@dc1ms2.msad.brookshires.net>
Date: Fri May  6 13:46:13 2005
From: toddtowles at brookshires.com (Todd Towles)
Subject: wintcpmod.exe Hear of it?

Hey Dan, haven't heard of that one. But it does sound strange. I bet
many people on this list would like to get a ahold of that file. Also it
would be a good idea to run it thru www.virustotal.com and some of the
other online malware sites. Just in case it is a filename change..of a
new common malware.


________________________________

	From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Dan
Bambach
	Sent: Thursday, May 05, 2005 5:15 PM
	To: full-disclosure@...ts.grok.org.uk
	Subject: [Full-disclosure] wintcpmod.exe Hear of it?
	
	

	I noticed today that a program wintcpmod.exe, located in two
places on my hard drive, windows\system and windows\system32 was
attempting to access port 53. My firewall blocked it and sent an alert.
I am on the road, so I have not had time to fully investigate this yet,
but a Google search produced very little about this program. It sets a
registry key for local machine "run", and can be seen on the process
screen. It does not appear in the services list. I was able to kill it,
but in my Google search, someone has claimed that they were unable to
kill the process. I am running WinXP SPk2 fully patched, and Symantec
AntiVirus, ZoneAlarmPro. Microsoft AntiSpyware does not report anything.

	 

	Has anyone else seen this program? 

	 

	Dan Bambach

	Dan@...mbach.net 

	 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050506/d5ac7afa/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ