[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Microsoft Update Loader msrtwd.exe

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Microsoft Update Loader msrtwd.exe
From: Harlan Carvey <keydet89@xxxxxxxxx>
Date: Wed, 1 Sep 2004 13:31:44 -0700 (PDT)

> Recently discovered a trojan(? - possibly a virus)
> called msrtwd.exe.
> It's listed in the Registry as "Microsoft Update
> Loader"
> 
> Does anyone know anything about this?   Google
> doesnt offer much.

Where in the Registry did you find it?  Which key(s)? 
What about this makes you think it's a Trojan?  Did
you run fport/openports and find it listening on a
port?  Where does the Registry entry point to within
the file system?  Since the file is an .exe file, did
you check it for version information?

Since filenames are the easiest thing about a file to
change, is there any information other than simply the
name that you can provide?  

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Microsoft Update Loader msrtwd.exe
  - From: S.A. Birl

Prev by Date: Re: [Full-Disclosure] Viral infection via Serial Cable
Next by Date: Re: [Full-Disclosure] Microsoft Update Loader msrtwd.exe
Previous by thread: Re: [Full-Disclosure] Microsoft Update Loader msrtwd.exe
Next by thread: Re: [Full-Disclosure] Microsoft Update Loader msrtwd.exe
Index(es):
- Date
- Thread