|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Survey.exe
Merunka, Steffen (Steffen.Merunka
compaq.com)
Mon, 31 May 1999 09:48:51 +0200
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
- Next message: Matt Curtin: "Re: Firewall comparison in Data Communications"
- Previous message: David LeBlanc: "Re: Survey.exe"
Hi,
if this is a Compaq box, this might be the survey utility, which is used to
inspect
and report system configuration for support purposes. It gathers hardware
and software
information and saves it as a history of multiple sessions in a single
configuration
history file.
If installed through the SmartStart server setup process, by default it
gathers information
every Wednesday at noon, and at every power-on. If installed from the Compaq
Integration
Maintenance Utility or the Compaq Management CD and no additional command
line parameters
were added, by default it gathers information every Sunday at midnight and
at every
power-on.
Check for a file survey.txt, default in c:\compaq\survey, which contains the
report.
You might as well have the web agents enebled, accessible via
http://localhost:2301/
steffen
-----Original Message-----
From: Ken Fox [mailto:kenfoxstarlinx.com]
Sent: Sunday, May 30, 1999 7:39 PM
To: 'firewall-wizardsnfr.net'
Subject: Survey.exe
Folks --
Anyone running an NT box seen a program called Survey.exe in thier
task manager window? This puppy was sucking up 100% of the CPU ... I
hadn't recalled ruinning anything that would generate such a program ;
however, I was online at Microsoft's web site at the time (patches /
downloads / etc) ... when I killed the process (not a terribly smart idea in
WIndows, I noticed aa red Icon dropped out of the systray, kinda looked like
a wizard or a mutated AOL icon) Assuming this is a hacker poking around ,
has anyone seen this before. Specifically, I killed him rather than let him
play -- OTOH I am planning on a dedicated hook-up with a firewall rather
than Dial up ... (turns out I moved in to an area with 7.1Meg ADSL
available....
I hadn''t gotten to installing / downloading BOF yet (it is now) --
Specifically though, if anyone has seen this program before, what ports & so
forth is it using and therefore what would we look for in a IDS or block
with a firewall?
I searched bugtraq for survey.exe under the assumption that it was
malicious and/or had been seen before.
Thanks< ken
- Next message: Matt Curtin: "Re: Firewall comparison in Data Communications"
- Previous message: David LeBlanc: "Re: Survey.exe"
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:59 CDT