Re: Strange Service is showing up on PC's on our network

From: Oliver Schneider (BorbaradGMXPRO.NET)
Date: Fri Jan 30 2004 - 14:02:22 CST


A question about this worm, couldn't find the answer in the articles Russ
gave:
If there is already a GINA replacement DLL, will the worm just overwrite the
registry value in the Winlogon key or will it register itself and still call
via the replacement DLL?

That's important on machines which use Novell as the network provider (since
it uses a replacement GINA) as well as for other custom solutions (e.g. if
the GINA authenticates against a *nix server not running SAMBA).

If the worm replaces the value it will be easily recognizable but may lead
to other problems ... if not, you have an infected machine without noticing
it.

Does anyone have any information?

Oliver

-----
NTBugtraq Editor's Note:

Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whoever is responsible for your AV, or at least that the idea is considered.
-----
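
An added example, not part of Oliver's message or the list's own material: Winlogon loads the one DLL named by the `GinaDLL` value in the Winlogon key (and `msgina.dll` when the value is absent), so comparing that value with a per-machine baseline is one way to check the question raised above. The role names, the baseline contents, the `system32` path rule and the sample `reg query` outputs are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: the GINA DLLs this site expects, keyed by a hypothetical host role.
EXPECTED = {"default": {"msgina.dll"}, "novell": {"nwgina.dll"}}

# Matches the GinaDLL line in the output of:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v GinaDLL
VALUE_RE = re.compile(r"^\s*GinaDLL\s+REG_SZ\s+(.*\S)\s*$", re.I | re.M)

def gina_from_reg_query(output):
    """Return the GinaDLL data from `reg query` output, or None if unset."""
    m = VALUE_RE.search(output)
    return m.group(1) if m else None

def classify(output, role="default"):
    """Compare a host's GinaDLL value with the baseline for its role."""
    value = gina_from_reg_query(output)
    if value is None:
        # No value: Winlogon falls back to msgina.dll. On a host that should
        # run a replacement GINA, that means the replacement was unregistered.
        return ("ok" if "msgina.dll" in EXPECTED[role] else "missing", None)
    if ntpath.basename(value).lower() not in EXPECTED[role]:
        return ("unexpected", value)
    # Expected file name, but loaded from somewhere other than system32.
    folder = ntpath.dirname(value).lower()
    if folder and not folder.endswith(r"\system32"):
        return ("unexpected-path", value)
    return ("ok", value)

# Constructed sample outputs (not captured from a real host).
KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
SAMPLE_NOVELL_OK = KEY + "\n    GinaDLL    REG_SZ    nwgina.dll\n"
SAMPLE_REPLACED = KEY + "\n    GinaDLL    REG_SZ    example_unknown.dll\n"
SAMPLE_MOVED = KEY + "\n    GinaDLL    REG_SZ    C:\\Temp\\nwgina.dll\n"
SAMPLE_ABSENT = "ERROR: The system was unable to find the specified registry key or value.\n"

if __name__ == "__main__":
    for host, role, out in [("ws01", "novell", SAMPLE_NOVELL_OK),
                            ("ws02", "novell", SAMPLE_REPLACED),
                            ("ws03", "novell", SAMPLE_MOVED),
                            ("ws04", "novell", SAMPLE_ABSENT),
                            ("ws05", "default", SAMPLE_ABSENT)]:
        print(host, role, *classify(out, role))
```

A name match only shows that the registered file name is the expected one; the DLL on disk still needs its hash or version checked against a known-good copy.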