|
I noticed today that a program wintcpmod.exe, located in two places on my hard drive, windows\system and windows\system32 was attempting to access port 53. My firewall blocked it and sent an alert. I am on the road, so I have not had time to fully investigate this yet, but a Google search produced very little about this program. It sets a registry key for local machine “run”, and can be seen on the process screen. It does not appear in the services list. I was able to kill it, but in my Google search, someone has claimed that they were unable to kill the process. I am running WinXP SPk2 fully patched, and Symantec AntiVirus, ZoneAlarmPro. Microsoft AntiSpyware does not report anything.
Has anyone else seen this program?
Dan Bambach
|
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
