Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Possible trojaned wlogon.exe?
From: "Thompson, John J" <ThompsonJJ () mail medicine uiowa edu>
Date: Tue, 31 Jul 2001 13:09:22 -0500
Ive been keeping a close eye on the webserver and I just noticed that the
processor usage is really high. Since Ive been aware of it (about 2 hours)
the following process has been at or around 99% utilization:
PID 920 --- wlogin.exe
 
I checked for connections, but there were no ftp sessions and minimal web
traffic. No attacks flagged by blackice server, and no more than 9
connections on average. Every now and then, a visitor will suddenly have 5-9
simultaneous connections upen on high level ports. 
 
I scanned the system for viruses and didn't detect any. 
 
If you have any ideas, I would appreciate them!
 
John
 
------------------------------------
John Thompson
Network Administrator
Dept. of Biochemistry
University of Iowa
 

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

  By Date           By Thread  

Current thread:
  • Possible trojaned wlogon.exe? Thompson, John J (Jul 31)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]