Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

RE: strange software > winsupdater.exe

From: Harlan Carvey <keydet89 () yahoo com>
Date: Wed, 16 Mar 2005 09:16:48 -0800 (PST)
Jim,

Is your analysis based solely on the name of the file
given by the OP?

 
--- "Jim Harrison (ISA)" <jmharr () microsoft com> wrote:

Sounds like it might be a variant of Gaobot:


http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.

bi.html 

Jim Harrison 
Security Business Unit (ISA SE)
"I have seen the suitcase in the trash and lived to
tell the tale" 

-----Original Message-----
From: sda-cr () racsa co cr [mailto:sda-cr () racsa co cr]

Sent: Tuesday, March 15, 2005 12:39 PM
To: incidents () securityfocus com
Subject: strange software > winsupdater.exe
Importance: High

Hi:

We are looking at an abnormal program named
"winsupdater.exe" and we are
having trouble installing antispyware software on
the infected
computers,
and the antivirus is not detecting the malware.
We were able to disable it manual trough regedit,
were it leaves a key
entry
in


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

named
"Microsoft Window Updater", but anyone knows if this
is a new virus or
spyware?

Esteban Lara
Director de IT
Soluciones Digitales de Almacenamiento S.A.












------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: