|
>>>>>>>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>>>>>>>>>>>. Message: 8 From: "Willem
Koenings" <[EMAIL PROTECTED]> To: Date: Fri, 23 Apr 2004
10:38:23 -0500 Subject: [Full-Disclosure]
Re: Outbreak of a virus on campus, scanning tcp 80/6129/1025/3127 > Sound familiar to
anyone? Today catched worm
wmiprvsw.exe. This worm incorporates stealth capabilities - it hides it's
process in memory and also it's exe is not seen in directory listing, when worm
is active. Although it does not hide registry entries, it shuts down regedit,
when regedit is executed. It creates two registry entries 'System Updater
Service' under Run and RunServices. Then it starts scan following
ports : 2745 135 1025 445 3127 6129 139 3140 Thats all for now - weekend
:) W. -- >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>.. >>>>>>>>>>>>>>>>>>>>>>>>>>> Oh great, leave me hanging
till Monday. thank you Randall M |
