> Sound familiar to anyone? Today catched worm wmiprvsw.exe. This worm incorporates stealth capabilities - it hides it's process in memory and also it's exe is not seen in directory listing, when worm is active. Although it does not hide registry entries, it shuts down regedit, when regedit is executed. It creates two registry entries 'System Updater Service' under Run and RunServices.
Then it starts scan following ports : 2745 135 1025 445 3127 6129 139 3140 Thats all for now - weekend :) W. -- ___________________________________________________________ Sign-up for Ads Free at Mail.com http://promo.mail.com/adsfreejump.htm _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
