Home page logo

fulldisclosure logo Full Disclosure mailing list archives

wintcpmod.exe Hear of it?
From: "Dan Bambach" <Dan () dbambach net>
Date: Thu, 5 May 2005 17:15:23 -0500

I noticed today that a program wintcpmod.exe, located in two places on my
hard drive, windows\system and windows\system32 was attempting to access
port 53. My firewall blocked it and sent an alert. I am on the road, so I
have not had time to fully investigate this yet, but a Google search
produced very little about this program. It sets a registry key for local
machine "run", and can be seen on the process screen. It does not appear in
the services list. I was able to kill it, but in my Google search, someone
has claimed that they were unable to kill the process. I am running WinXP
SPk2 fully patched, and Symantec AntiVirus, ZoneAlarmPro. Microsoft
AntiSpyware does not report anything.


Has anyone else seen this program? 


Dan Bambach

Dan () dbambach net 


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]