|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
wmon16.exe
From: Jason High (strongcypher
hotmail.com)
Date: Mon May 10 2004 - 08:02:50 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I believe that I have a HUGE problem, and I can't find anything anywhere.
Here are our symptoms:
- C:\winnt\system32\wmon16.exe appeared and began running (no idea what it
is or does)
- hosts file was altered to redirect antivirus sites to 127.0.0.1 (similar
to Trojan.QHOST but nothing else matches
- disables antivirus
- creates lots of connections to network computers using microsoft-ds and
netbios ports
I am completely lost. No removal tools have worked, no A/V is picking it
up. I've got about four hosts with these symptoms (so far) and I'm just
unplugging network cables at this point. Anyone with any pointers?
Jason E. High,RHCT,GSEC,MCP
http://www.alwaysright.org
_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now!
http://toolbar.msn.com/go/onm00200415ave/direct/01/
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]