[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-disclosure] wintcpmod.exe Hear of it?
- To: "Dan Bambach" <Dan@xxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: RE: [Full-disclosure] wintcpmod.exe Hear of it?
- From: "Todd Towles" <toddtowles@xxxxxxxxxxxxxxx>
- Date: Fri, 6 May 2005 07:46:03 -0500
Hey Dan, haven't heard of that one. But it does sound strange. I bet
many people on this list would like to get a ahold of that file. Also it
would be a good idea to run it thru www.virustotal.com and some of the
other online malware sites. Just in case it is a filename change..of a
new common malware.
________________________________
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Dan
Bambach
Sent: Thursday, May 05, 2005 5:15 PM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] wintcpmod.exe Hear of it?
I noticed today that a program wintcpmod.exe, located in two
places on my hard drive, windows\system and windows\system32 was
attempting to access port 53. My firewall blocked it and sent an alert.
I am on the road, so I have not had time to fully investigate this yet,
but a Google search produced very little about this program. It sets a
registry key for local machine "run", and can be seen on the process
screen. It does not appear in the services list. I was able to kill it,
but in my Google search, someone has claimed that they were unable to
kill the process. I am running WinXP SPk2 fully patched, and Symantec
AntiVirus, ZoneAlarmPro. Microsoft AntiSpyware does not report anything.
Has anyone else seen this program?
Dan Bambach
Dan@xxxxxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/