Author Anybody know what this is?
Trouble Man

2001-06-01, 1:15 pm

Yesterday I downloaded a free firewall from Zone Alarm (great product!!). It caught this little bugger trying to send out some info to the internet: svxxxecvcvgq.exe. A McAfee virus scan came up nil on it, but I tried to delete it and I couldn't!! So I looked at my system.ini (Win98) and look what I found: shell=Explorer.exe svxxxecvcvgq.exe

So I booted a different OS, renamed it to svxxxecvcgq.bak, and changed system.ini, and then rebooted back into 98. Now my question is: Is this a legit file that I'm just being a panicky biyatch about, or was this a legit trojan horse, or maybe a zombie? Other than the Windows critical update (Zone Alarm caught that, too, it felt great zapping that!!) I don't know why any legitimate embedded windows program would need to go out an unknown port to the internet.

If this is a legit Win98 program, someone let me know.

Thanks in advance.

P.S. I'm also posting this thread in the General Discussion and A+ forums for thoroughness, cause not everybody looks in this forum.
acoopmcp

2001-06-01, 2:19 pm

I checked the MS knowledge base and nothing came up on that file. I'll keep looking though. I'd like to know what it is as well.
Trouble Man

2001-06-01, 2:28 pm

Here it is in .bak form. If you look at it in Wordpad you can see that it was compiled by UPX, but I went to their website and UPX is just an exe compiler. So that doesn't tell me jack.
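
Added example (not part of the original thread or any poster's code): a small Python check for the two things described in the posts above, an extra program on the `shell=` line of the `[boot]` section of system.ini, and UPX strings visible inside an executable. The sample system.ini text and the function names are constructed for illustration; the UPX check is a string heuristic limited to the first 4 KB of the file.

```python
import re

# Constructed sample mirroring the shell= line quoted in the first post.
SAMPLE_SYSTEM_INI = """\
[boot]
oemfonts.fon=vgaoem.fon
shell=Explorer.exe svxxxecvcvgq.exe
system.drv=system.drv

[386Enh]
device=*vshare
"""

EXPECTED_SHELL = "explorer.exe"            # stock Win9x value of shell=
UPX_MARKERS = (b"UPX0", b"UPX1", b"UPX!")  # section names and tag left by UPX


def shell_entries(ini_text):
    """Return the whitespace-separated tokens of shell= in the [boot] section."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):   # skip blanks and comments
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        key, sep, value = line.partition("=")
        if section == "boot" and sep and key.strip().lower() == "shell":
            return value.split()
    return []


def extra_shell_programs(ini_text):
    """Everything on shell= that is not the bare name Explorer.exe.
    A path-qualified Explorer.exe is reported too, so it gets looked at."""
    return [t for t in shell_entries(ini_text) if t.lower() != EXPECTED_SHELL]


def looks_upx_packed(data):
    """True for an MZ executable image carrying UPX markers near its header."""
    return data[:2] == b"MZ" and any(m in data[:4096] for m in UPX_MARKERS)


if __name__ == "__main__":
    print("extra programs on shell=:", extra_shell_programs(SAMPLE_SYSTEM_INI))
```
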
Trouble Man

2001-06-01, 2:36 pm

Never mind. It's not working. If anybody wants me to e-mail it as an attachment let me know.
creamy_stew

2001-06-06, 5:33 pm

My pick: Sub7 - It's common and can generate a random name

/creamy
creamy_stew

2001-06-06, 5:43 pm

Yeah, dddefinitely sub7, ddefinitely sub7.

check this out: http://www.bsoft.swinternet.co.uk/t...ub7.htm#Removal Instructions

The actual file name is not a random one in this example, but I know that sub7 can generate one.

/creamy
Trouble Man

2001-06-06, 11:07 pm

Yeah, I agree. I got hit with Sub7Server. It's gone now, it was only on about a month.
Thanks for the links. Also check out grc.com
acoopmcp

2001-06-07, 6:44 am

quote:
Originally posted by Trouble Man
Yeah, I agree. I got hit with Sub7Server. It's gone now, it was only on about a month.
Thanks for the links. Also check out grc.com



That's a nasty little trojan ain't it?

Do you run any anti-virus protection? It sounds like if you do then this should have been caught.
Trouble Man

2001-06-07, 10:04 pm

I got McAfee virus scan. The update is pretty recent.
Copyright 2003 - 2008 examnotes.net