Security Incidents mailing list archives
Re: strange software > winsupdater.exe
From: Harlan Carvey <keydet89 () yahoo com>
Date: Tue, 15 Mar 2005 14:14:51 -0800 (PST)
Esteban,

New here? Welcome.

First off, what research have you done, besides using anti-spyware and -virus? Google searches? Does the process have a port open? If so, which one(s)? Do you see the process running in Task Manager? If so, have you run pmdump.exe, handle.exe, listdlls.exe, or anything else against the process? Have you run strings.exe against the file?

Have you done any sort of investigation at all? If so, please post any information you may have, as it might help others help you...

We are looking at an abnormal program named "winsupdater.exe" and we are having trouble installing antispyware software on the infected computers, and the antivirus is not detecting the malware. We were able to disable it manually through regedit, where it leaves a key entry in
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
named "Microsoft Window Updater", but does anyone know if this is a new virus or spyware?

Esteban Lara
Director de IT
Soluciones Digitales de Almacenamiento S.A.

------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------
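
The triage questions in the reply (is the process running, does it have a port open) applied to the Run key named in the original question, as an added example that is not part of either post: a read-only PowerShell script. It assumes a current Windows host where `Get-FileHash` and `Get-NetTCPConnection` are available (neither existed in 2005) and an elevated prompt; the variable names are illustrative.

```powershell
# Added example: read-only triage of every autostart entry in the HKLM Run key.
$runKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$entries = Get-ItemProperty -Path $runKey

foreach ($prop in $entries.PSObject.Properties) {
    # Skip the registry provider's own properties (PSPath, PSParentPath, ...)
    if ($prop.Name -like 'PS*') { continue }

    $cmd = [Environment]::ExpandEnvironmentVariables([string]$prop.Value)

    # Extract the executable from the command line (quoted or unquoted form)
    if     ($cmd -match '^\s*"([^"]+)"')    { $exe = $Matches[1] }
    elseif ($cmd -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
    else                                    { $exe = ($cmd.Trim() -split '\s+')[0] }

    # A bare file name is resolved through PATH, as the shell would at logon
    if (-not [IO.Path]::IsPathRooted($exe)) {
        $found = Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue |
                 Select-Object -First 1
        if ($found) { $exe = $found.Path }
    }

    # -Force so hidden/system files are still found
    $file = Get-Item -LiteralPath $exe -Force -ErrorAction SilentlyContinue
    $hash = if ($file) { (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash }
    $sig  = if ($file) { (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status }

    # "Do you see the process running?"
    $procs = @(Get-Process -ErrorAction SilentlyContinue |
               Where-Object { $file -and $_.Path -eq $file.FullName })

    # "Does the process have a port open? If so, which one(s)?"
    $ports = foreach ($p in $procs) {
        Get-NetTCPConnection -OwningProcess $p.Id -State Listen -ErrorAction SilentlyContinue |
            ForEach-Object { $_.LocalPort }
    }

    [pscustomobject]@{
        Name           = $prop.Name
        Command        = $cmd
        FileExists     = [bool]$file
        SHA256         = $hash
        Signature      = $sig
        PIDs           = $procs.Id -join ','
        ListeningPorts = ($ports | Sort-Object -Unique) -join ','
    }
}
```

Entries whose file is unsigned, missing from disk, or listening on a port are the ones worth taking further with handle.exe, listdlls.exe and strings.exe, and the SHA256 value gives others on the list something concrete to compare.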