Re: wmon16.exe
From: Peter Kosinar (goober ksp.sk)
Date: Mon May 10 2004 - 10:11:12 CDT
> - C:\winnt\system32\wmon16.exe appeared and began running (no idea what it
> is or does)
> - hosts file was altered to redirect antivirus sites to 127.0.0.1 (similar
> to Trojan.QHOST but nothing else matches)
> - disables antivirus
> - creates lots of connections to network computers using microsoft-ds and
> netbios ports
Might be a variant of Ago/Gao-bot. Could you provide the executable?
Yours sincerely,
Peter Kosinar
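
The hosts-file symptom quoted in this message (antivirus sites redirected to 127.0.0.1) can be checked for mechanically. The following is an added example, not part of the original post: it flags any non-local hostname pinned to a loopback or unspecified address. The function name, the allow-list and the sample domains are constructed for illustration.

```python
import ipaddress

# Hostnames that legitimately map to loopback in a stock hosts file (assumed allow-list).
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def find_sinkholed_hosts(hosts_text):
    """Return (line_no, address, hostname) for each non-local name pinned
    to a loopback or unspecified address in hosts-file text."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        # Everything after '#' is a comment in the hosts format.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not an address mapping
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        # One line may carry several hostnames for the same address.
        for name in fields[1:]:
            if name.lower().rstrip(".") not in BENIGN_NAMES:
                findings.append((line_no, str(addr), name.lower()))
    return findings


# Constructed sample input; the domains are placeholders, not taken from the post.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.av-vendor.example   # constructed
127.0.0.1       update.av-vendor.example liveupdate.av-vendor.example
0.0.0.0         scan.av-vendor.example
192.0.2.10      intranet.example
"""

if __name__ == "__main__":
    for line_no, addr, name in find_sinkholed_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr}")
```

Any hit for a security vendor's update or scanning hostname is worth treating as a sign of tampering, since it silently cuts the machine off from signature updates.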