Security Incidents mailing list archives

RE: services.exe file


From: "Jim Harrison (ISA)" <jmharr () microsoft com>
Date: Thu, 11 Dec 2003 13:26:19 -0800

ETrust identifies it as Backdoor/Delf.ft virus.

* Jim Harrison 
MCP(NT4/2K), A+, Network+
Security Business Unit (ISA SE)

"I used to hate writing assignments, but now I enjoy them. 
I realized that the purpose of writing is to inflate weak ideas, 
obscure poor reasoning, and inhibit clarity. 
With a little practice, writing can be an intimidating and 
impenetrable fog!"
-Calvin

-----Original Message-----
From: dano [mailto:dan () thejamzone com] 
Sent: Thursday, December 11, 2003 12:31
To: incidents () securityfocus com
Subject: Fw: services.exe file

Here's a link to the zipped copy of the services.exe file that I found
on my system for anyone that would like to check it out:

http://www.thejamzone.com/services/services.zip

Within XP, I can NOT uncheck the hidden attribute that is set, although
I can unhide it in DOS. After unhiding it, I ran f-prot and it did say
that it was a "security risk" or backdoor program. It came to my
attention after running a netstat and constantly seeing connections
being made to the two outside hosts. I then installed a personal
firewall and found out exactly what application was doing it (should
have done this a long time ago).

Dan

