Hey
Dan, haven't heard of that one. But it does sound strange. I bet many people on
this list would like to get a ahold of that file. Also it would be a good idea
to run it thru www.virustotal.com and
some of the other online malware sites. Just in case it is a filename change..of
a new common malware.
I noticed today that a program
wintcpmod.exe, located in two places on my hard drive, windows\system and
windows\system32 was attempting to access port 53. My firewall blocked it and
sent an alert. I am on the road, so I have not had time to fully investigate
this yet, but a Google search produced very little about this program. It sets
a registry key for local machine “run”, and can be seen on the process screen.
It does not appear in the services list. I was able to kill it, but in my
Google search, someone has claimed that they were unable to kill the process.
I am running WinXP SPk2 fully patched, and Symantec AntiVirus, ZoneAlarmPro.
Microsoft AntiSpyware does not report anything.
Has anyone else seen this program?
Dan Bambach
[EMAIL PROTECTED]
|
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
