Full Disclosure: Re: Microsoft Update Loader msrtwd.exe

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Re: Microsoft Update Loader msrtwd.exe

From: Harlan Carvey <keydet89 () yahoo com>
Date: Wed, 1 Sep 2004 13:31:44 -0700 (PDT)

Recently discovered a trojan(? - possibly a virus)
called msrtwd.exe.
It's listed in the Registry as "Microsoft Update
Loader"

Does anyone know anything about this?   Google
doesnt offer much.


Where in the Registry did you find it?  Which key(s)? 
What about this makes you think it's a Trojan?  Did
you run fport/openports and find it listening on a
port?  Where does the Registry entry point to within
the file system?  Since the file is an .exe file, did
you check it for version information?

Since filenames are the easiest thing about a file to
change, is there any information other than simply the
name that you can provide?  

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

Microsoft Update Loader msrtwd.exe S.A. Birl (Sep 01)
- Re: Microsoft Update Loader msrtwd.exe James Tucker (Sep 01)
  - Re: Microsoft Update Loader msrtwd.exe Jan Muenther (Sep 02)
- Re: Microsoft Update Loader msrtwd.exe Harlan Carvey (Sep 01)
- Re: Microsoft Update Loader msrtwd.exe joe smith (Sep 01)
- Re: Microsoft Update Loader msrtwd.exe Joe Stewart (Sep 02)
- <Possible follow-ups>
- RE: Microsoft Update Loader msrtwd.exe Todd Towles (Sep 01)
  - Re: Microsoft Update Loader msrtwd.exe S.A. Birl (Sep 02)
- RE: Microsoft Update Loader msrtwd.exe Todd Towles (Sep 02)