Security Incidents
mailing list archives
Re: wmon16 follow-up
From: Harlan Carvey <keydet89 () yahoo com>
Date: Mon, 10 May 2004 18:02:18 -0700 (PDT)
Jason,
One last question...how do you know that it's a virus, and not a worm or Trojan?
--- Jason High <strongcypher () hotmail com> wrote:
Thanks to everyone for their advice and help. The virus was pretty unsophisticated as far as I can tell. It created C:\winnt\system32\wmon16.exe and added registry entries in Run and Run > OptionalComponents to start itself when the computer starts. I simply killed it with Sysinternals' pskill, deleted the registry entries, patched the computers and updated the A/V. It seems to be gone now, but I'll be watching closely.
I submitted copies of the executable to various A/V vendors and many requestors on this list. If you asked for a copy and didn't get one, or would like to look at it, please let me know. I had a lot going on and may have missed some people. Thanks again.
Jason E. High,RHCT,GSEC,MCP
http://www.alwaysright.org
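
Added example, not part of either message: a Python check that reads saved `reg query` text output and reports autostart values that launch the wmon16.exe file named in the post, for confirming the entries are gone after cleanup. The HKLM hive path, the value names and the sample output are constructed assumptions; the post gives only the file path and the Run and OptionalComponents locations.

```python
import re
from pathlib import PureWindowsPath

# Constructed `reg query` output. Hive path and value names are assumptions;
# only wmon16.exe and its directory come from the post.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Synchronization Manager    REG_SZ    mobsync.exe /logon
    ExampleValue    REG_SZ    C:\winnt\system32\wmon16.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
    ExampleValue    REG_SZ    "C:\WINNT\System32\WMON16.EXE" -s
"""

# name <sep> REG_type <sep> data, where <sep> is a tab or a run of spaces
VALUE_RE = re.compile(
    r"^\s+(?P<name>.+?)(?:\t| {2,})(?P<type>REG_[A-Z_]+)(?:\t| {2,})(?P<data>.*)$")


def image_name(data):
    """Lower-cased file name of the program a Run value launches."""
    # Quoted path first, then anything up to ".exe", then the first token.
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b|\s*(\S+)', data, re.I)
    if not m:
        return ""
    path = next(g for g in m.groups() if g)
    return PureWindowsPath(path).name.lower()


def find_autoruns(reg_text, indicator="wmon16.exe"):
    """Return (key, value name, data) for values that start `indicator`."""
    hits, key = [], None
    for line in reg_text.splitlines():
        if line.upper().startswith("HKEY_"):  # key header line
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if m and key and image_name(m["data"]) == indicator.lower():
            hits.append((key, m["name"], m["data"]))
    return hits


if __name__ == "__main__":
    for key, name, data in find_autoruns(SAMPLE):
        print(f"{key}\n    {name} -> {data}")
```

The match is on file name only, so a hit still needs the full path and the file itself checked before anything is deleted.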