Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

wmon16 follow-up
From: "Jason High" <strongcypher () hotmail com>
Date: Mon, 10 May 2004 15:02:58 -0400
Thanks to everyone for their advice and help. The virus was pretty un-sophisticated as far as I can tell. It created C:\winnt\system32\wmon16.exe and added registry entries in Run and Run > OptionalComponents to start itself when the computer starts. I simply killed it with Sysinternal's pskill, deleted the registry entries, patched the computers and updated the A/V. It seems to be gone now, but I'll watching closely.
I submitted copies of the executable to various A/V vendors and many requestors on this list. If you asked for a copy and didn't get one, or would like to look at, please let me know. I had a lot going on and may have missed some people. Thanks again. 

Jason E. High,RHCT,GSEC,MCP
http://www.alwaysright.org

_________________________________________________________________
Getting married? Find tips, tools and the latest trends at MSN Life Events. http://lifeevents.msn.com/category.aspx?cid=married 


---------------------------------------------------------------------------
----------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]