Full Disclosure mailing list archives
RE: (no subject)
From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 3 Jun 2005 09:41:35 -0500
This could be another bot running on the same filename, but here is something I found on Google:

Norton Antivirus 2004(vir def may-2005) report wintcpmod.exe is infected with W32.DSS.Trojan. The file was deleted and WinXP Sp2 work without problems.

http://www.what-process.com/process-info.aspx?p=wintcpmod.exe.exe
-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of andy mueller
Sent: Friday, June 03, 2005 8:17 AM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] (no subject)

Hi people

I have had "wintcpmod" as well so I submitted it to norton antivirus and they came back to me with this:

We have analyzed your submission. The following is a report of our findings for each file you have submitted:

filename: C:\WINDOWS\system32\wintcpmod.exe
machine: ALIEN
result: This file is infected with Backdoor.Trojan

Developer notes:
C:\WINDOWS\system32\wintcpmod.exe is non-repairable threat. NAV with the latest rapidrelease definition detects this. Please delete this file and replace it if necessary. Please follow the instruction at the end of this email message to install the latest rapidrelease definitions.

Symantec Security Response has determined that the sample(s) that you provided are infected with a virus, worm, or Trojan. We have created RapidRelease definitions that will detect this threat. Please follow the instruction at the end of this email message to download and install the latest RapidRelease definitions.

Downloading and Installing RapidRelease Definition Instructions:

1. Open your Web browser. If you are using a dial-up connection, connect to any Web site, such as: http://securityresponse.symantec.com/
2. Click this link to the ftp site: ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/rapidrelease/symrapidreleasedefsi32.exe. If it does not go to the site (this could take a minute or so if you have a slow connection), copy and paste the address into the address bar of your Web browser and then press Enter.
3. When a download dialog box appears, save the file to the Windows desktop.
4. Double-click the downloaded file and follow the prompts.
----------------------------------------------------------------------
This message was generated by Symantec Security Response automation

Should you have any questions about your submission, please contact our regional technical support from the Symantec website (http://www.symantec.com/techsupp/) and give them the tracking number in the subject of this message.

_________________________________________________________________
Winks & nudges are here - download MSN Messenger 7.0 today! http://messenger.msn.co.uk

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- (no subject) andy mueller (Jun 03)
- <Possible follow-ups>
- RE: (no subject) Todd Towles (Jun 03)
- RE: (no subject) Andrew R. Reiter (Jun 03)