This could be another bot running on the same filename, but here is something I found on Google:

Norton Antivirus 2004 (vir def May-2005) reports wintcpmod.exe is infected with W32.DSS.Trojan. The file was deleted and WinXP SP2 works without problems.
http://www.what-process.com/process-info.aspx?p=wintcpmod.exe.exe

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of andy mueller
> Sent: Friday, June 03, 2005 8:17 AM
> To: [email protected]
> Subject: [Full-disclosure] (no subject)
>
> Hi people, I have had "wintcpmod" as well, so I submitted it
> to Norton Antivirus and they came back to me with this:
>
> We have analyzed your submission. The following is a report of our
> findings for each file you have submitted:
>
> filename: C:\WINDOWS\system32\wintcpmod.exe
> machine: ALIEN
> result: This file is infected with Backdoor.Trojan
>
> Developer notes:
> C:\WINDOWS\system32\wintcpmod.exe is non-repairable threat. NAV with
> the latest rapidrelease definition detects this. Please delete this
> file and replace it if necessary. Please follow the instruction at the
> end of this email message to install the latest rapidrelease
> definitions.
>
> Symantec Security Response has determined that the sample(s) that you
> provided are infected with a virus, worm, or Trojan. We have created
> RapidRelease definitions that will detect this threat. Please follow the
> instruction at the end of this email message to download and install
> the latest RapidRelease definitions.
>
> Downloading and Installing RapidRelease Definition Instructions:
> 1. Open your Web browser. If you are using a dial-up connection, connect
> to any Web site, such as: http://securityresponse.symantec.com/
> 2. Click this link to the ftp site:
> ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/rapidrelease/symrapidreleasedefsi32.exe.
> If it does not go to the site (this could take a minute or so if you
> have a slow connection), copy and paste the address into the address bar
> of your Web browser and then press Enter.
> 3. When a download dialog box appears, save the file to the Windows
> desktop.
> 4. Double-click the downloaded file and follow the prompts.
> ----------------------------------------------------------------------
> This message was generated by Symantec Security Response automation
>
> Should you have any questions about your submission, please contact
> our regional technical support from the Symantec website
> (http://www.symantec.com/techsupp/)
> and give them the tracking number in the subject of this message.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
