|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
wmon16 follow-up
From: Jason High (strongcypher
hotmail.com)
Date: Mon May 10 2004 - 14:02:58 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Thanks to everyone for their advice and help. The virus was pretty
un-sophisticated as far as I can tell. It created
C:\winnt\system32\wmon16.exe and added registry entries in Run and Run >
OptionalComponents to start itself when the computer starts. I simply
killed it with Sysinternal's pskill, deleted the registry entries, patched
the computers and updated the A/V. It seems to be gone now, but I'll
watching closely.
I submitted copies of the executable to various A/V vendors and many
requestors on this list. If you asked for a copy and didn't get one, or
would like to look at, please let me know. I had a lot going on and may
have missed some people. Thanks again.
Jason E. High,RHCT,GSEC,MCP
http://www.alwaysright.org
_________________________________________________________________
Getting married? Find tips, tools and the latest trends at MSN Life Events.
http://lifeevents.msn.com/category.aspx?cid=married
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]