Re: wmon16 follow-up

From: Harlan Carvey (keydet89yahoo.com)
Date: Mon May 10 2004 - 20:02:18 CDT


Jason,

One last question...how do you know that it's a virus,
and not a worm or Trojan?

--- Jason High <strongcypherhotmail.com> wrote:
> Thanks to everyone for their advice and help. The virus was pretty
> unsophisticated as far as I can tell. It created
> C:\winnt\system32\wmon16.exe and added registry entries in Run and
> Run > OptionalComponents to start itself when the computer starts.
> I simply killed it with Sysinternals' pskill, deleted the registry
> entries, patched the computers and updated the A/V. It seems to be
> gone now, but I'll be watching closely.
>
> I submitted copies of the executable to various A/V vendors and many
> requestors on this list. If you asked for a copy and didn't get one,
> or would like to look at it, please let me know. I had a lot going on
> and may have missed some people. Thanks again.
>
> Jason E. High,RHCT,GSEC,MCP
> http://www.alwaysright.org

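A read-only follow-up check for the indicators named in the quoted message (the file, the process, and the Run / Run > OptionalComponents entries), added here as an example and not part of the original thread. The full registry paths are an assumption: the post says only "Run" and "Run > OptionalComponents", and the script takes that to mean the standard CurrentVersion\Run key under HKLM and HKCU.

```powershell
# Added example: read-only triage for the indicators named in the post.
# Assumption: "Run" is the standard CurrentVersion\Run key under HKLM and HKCU.
$ImageName = 'wmon16.exe'
$FilePath  = 'C:\winnt\system32\wmon16.exe'   # path as given in the post
$RunKeys   = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutostartHit {
    param([string[]]$Keys, [string]$Pattern)
    foreach ($root in $Keys) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The Run key itself plus all subkeys, which covers Run\OptionalComponents
        $all = @(Get-Item -LiteralPath $root) +
               @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
        foreach ($key in $all) {
            foreach ($name in $key.GetValueNames()) {
                $data = [string]$key.GetValue($name)
                if ($name -like "*$Pattern*" -or $data -like "*$Pattern*") {
                    [pscustomobject]@{ Key = $key.Name; Value = $name; Data = $data }
                }
            }
        }
    }
}

$hits   = @(Get-AutostartHit -Keys $RunKeys -Pattern $ImageName)
$procs  = @(Get-Process -Name ([IO.Path]::GetFileNameWithoutExtension($ImageName)) -ErrorAction SilentlyContinue)
$onDisk = Test-Path -LiteralPath $FilePath

"File present    : $onDisk ($FilePath)"
"Running process : $($procs.Count) instance(s)"
"Autostart hits  : $($hits.Count)"
$hits | Format-List

# Non-zero exit if any indicator remains, so the check can be scripted across hosts
if ($onDisk -or $procs.Count -gt 0 -or $hits.Count -gt 0) { exit 1 } else { exit 0 }
```

A clean result only shows that these specific indicators are absent; it does not rule out other persistence left on the host.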