Security Incidents mailing list archives
Anyone ever heard of "rlumkaus" virus/bug/trojan/backdoor?
From: Steven.Litscher () OJA STATE WI US (Litscher, Steven)
Date: Fri, 21 Jul 2000 12:50:06 -0500
Greetings, We have several users that use Windows98 laptops to connect to our network. We use CryptoCard authentication, and have installed ZoneAlarm on a few of the laptops as an extra measure of precaution. While working on one of these laptops, ZoneAlarm asked me if I wanted to allow "Rlumkaus.exe" access to the internet. Not recognizing this program, I said "No". Now I'm curious... So, I check the task manager- nothing odd running. I search the registry, no hint of rlumkaus. I search the drive, and found rlumkaus.exe in the root of C:/Windows/. The icon idicates it is a mpg or avi file... I try to delete it, I get the "can't delete beacuse it's in use by Windows" message. I re-search the registry- nothing. I checked MSCONFIG, and sure enough, it's loaded at start-up. I ran a virus check using McAfee 4.0.3 DAT 4087, and it turned up nothing. I searched Bugtraq, McAfee, Norton, and DataFellows for info on this, and they have nothing. I'm curious (a) what is it, (b) why is it trying to access the net, (c) why is it being loaded at start-up, (d) if it's running, why didn't task manager show it? My gut feeling is that is some sort of trojan/backdoor?? Any help/info would be appreciated! Best wishes, Steve
Current thread:
- Re: tin.it and others non collaborative isps., (continued)
- Re: tin.it and others non collaborative isps. Richard Bejtlich (Jul 11)
- Hostile email mmurray () TAOS COM (Jul 12)
- I Was rooted Andrew Heath (Jul 17)
- Obfuscated URL's in spam Kee Hinckley (Jul 18)
- 85.85.85.85 weirdness Wozz (Jul 18)
- Re: 85.85.85.85 weirdness Pascal Bouchareine (Jul 19)
- Re: 85.85.85.85 weirdness Wozz (Jul 19)
- Re: 85.85.85.85 weirdness Jud (Jul 19)
- msnhome.talkcity.com Dirk Koopman (Jul 21)
- Re: msnhome.talkcity.com Ryan Yagatich (Jul 24)
- Anyone ever heard of "rlumkaus" virus/bug/trojan/backdoor? Litscher, Steven (Jul 21)
- Sudden increase in scans. Rune Kristian Viken (Jul 20)
- Re: Sudden increase in scans. Aaron Kelley (Jul 24)
- Wierd Windows 98 bug? Mark Collins (Jul 20)
- Port 38293 Tim H (Jul 21)
- Re: Port 38293 Talisker (Jul 22)