Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Greg Chatten - St. Louis Internet (gchattenST-LOUIS.NET)
Date: Sat Mar 01 2003 - 11:48:42 CST
At exactly 16:00Z 3/1/03 a server which was previously infected with the
IERK8234.SYS driver, which caused blue-screen crashes, blue-screened again
specifying a driver name of "P2.SYS". This is on a fully-patched W2K
Advanced Service box which is also running Norton Corporate. No prior
detection was made.
Previously we had removed the IERK issue from a customers' colo server
following all the steps outlined in a previous NTBUGTRAQ advisory, and all
has been running well since then.
I cannot find a descriptive reference to "P2.SYS" anywhere. We located the
file in SAFE MODE under: root\winnt\system32\drivers
and removed it. So far the box has been running fine since.
While no evidence suggest the two are linked, the result (blue-screen) is
certainly in common.
Regards - Greg
St. Louis Internet, Inc.
Have you discovered a security vulnerability related to Windows or a
commercial product which runs on Windows?
Need assistance crafting the format or translating your advisory to English?
Need to verify it, or having problems contacting the Vendor?