Here I was, freshly installing win2k with sp4. 4 error messages popped up in a row, unhandled exception in svchost.exe. I stupidly didn't get the locations, because I dismissed it as a random bug.

It then occurred to me that this may be how the recent RPC exploits on the end user's system. When I tried to open the Task Manager, to see if any other processes had been started, it stayed open for only a fraction of a second. There was one foreign task, sysengr.exe. A search of Google revealed nothing for this filename. I tried to delete it, but first had to rename taskmgr.exe to a random name so that it would stay open, instead of being closed. After this, sysengr.exe was easily ended, and the file was removed (I have a copy available, should anyone want to study it.)

The only other side effect I noticed was that I was unable to open regedit, presumably in an attempt to keep me from removing the program from startup.

Thank you for any information you might have on what else I should look for on this system, besides the obvious patching which I was in the process of doing when this came up.

-Hank Kester
