|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Full-disclosure] wintcpmod.exe Hear of it?
From: Dan Bambach (Dan
dbambach.net)
Date: Thu May 05 2005 - 17:15:23 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I noticed today that a program wintcpmod.exe, located in two places on my
hard drive, windows\system and windows\system32 was attempting to access
port 53. My firewall blocked it and sent an alert. I am on the road, so I
have not had time to fully investigate this yet, but a Google search
produced very little about this program. It sets a registry key for local
machine "run", and can be seen on the process screen. It does not appear in
the services list. I was able to kill it, but in my Google search, someone
has claimed that they were unable to kill the process. I am running WinXP
SPk2 fully patched, and Symantec AntiVirus, ZoneAlarmPro. Microsoft
AntiSpyware does not report anything.
Has anyone else seen this program?
Dan Bambach
Dandbambach.net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]