further to last info, does any one have any packet
information about this?
best
info would be used to cretae a packets filter using etherpeak so we can find
source of infection.
TIA
-----Original Message-----
From: Ferris, Robin [mailto:[EMAIL PROTECTED]
Sent: 17 February 2004 14:59
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] exploit-dcomrpc.genHi folksa couple of quick questions, has any one else seen this infection recently exploit-dcomrpc.gen, you would proably be using mcafee to see it detected as this.I what is odd is that these machines that are infected are patched with ms03-007/026/039 waswondering if any one had seen this at all.
- infection goes to c:\windows\system32\drivers\svchost.exe
- infected file is in IE temp folder labelled as WksPatch[1].exe
Any info would be appreciated.ThanksRobin
