Security Incidents mailing list archives

Re: Virus or Hacked NEW PC?


From: Tim Winders <twinders () SPC CC TX US>
Date: Tue, 28 Nov 2000 14:27:58 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It appears that the ssdpsrv is part of the WinME installation.  Several
devices use it for autoupdates from Microsoft.  Check out this KB article.

http://support.microsoft.com/support/kb/articles/Q262/4/58.ASP

Here is a very good article on this issue:

http://www.chipcenter.com/eexpert/gdorman/gdorman035.html

=== Tim

     **********************************************
        Tim Winders, MCSE, CNE, CCNA
        Associate Dean of Information Technology
        South Plains College
        Levelland, TX  79336

        Phone:  806-894-9611 x 2369
        FAX:    806-894-1549
        Email:  TWinders () SPC cc tx us
     **********************************************


On Thu, 23 Nov 2000, Jeff Pults wrote:

Thank you Tim!  I installed TDIMon and found the app
ssdpsrv was being accessed by two remote addresses.
After a little poking, also found an app called
BackWeb installed.  Is this a standard install on
systems with factory installed software?  The PC
vendor couldn't tell me anything (surprise ;)...

--Jeff
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (OSF1)
Comment: Made with pgp4pine 1.75-6

iEYEARECAAYFAjokFVUACgkQTPuHnIooYbxoSACgrDi4ptoQNtb/nn9x6V9B6fXi
5B8AnioogeAwEVVoXk2mZ/+VU6/zmDGT
=3zX3
-----END PGP SIGNATURE-----

