[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] wintcpmod.exe Hear of it?

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] wintcpmod.exe Hear of it?
From: "Dan Bambach" <Dan@xxxxxxxxxxxx>
Date: Thu, 5 May 2005 17:15:23 -0500

I noticed today that a program wintcpmod.exe, located in two places on my
hard drive, windows\system and windows\system32 was attempting to access
port 53. My firewall blocked it and sent an alert. I am on the road, so I
have not had time to fully investigate this yet, but a Google search
produced very little about this program. It sets a registry key for local
machine "run", and can be seen on the process screen. It does not appear in
the services list. I was able to kill it, but in my Google search, someone
has claimed that they were unable to kill the process. I am running WinXP
SPk2 fully patched, and Symantec AntiVirus, ZoneAlarmPro. Microsoft
AntiSpyware does not report anything.

 

Has anyone else seen this program? 

 

Dan Bambach

Dan@xxxxxxxxxxxx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] wintcpmod.exe Hear of it?
  - From: Michael Holstein

Prev by Date: [Full-disclosure] Port 1025 netvenuechat
Next by Date: [Full-disclosure] [ GLSA 200505-02 ] Oops!: Remote code execution
Previous by thread: Re: [Full-disclosure] telco service?
Next by thread: Re: [Full-disclosure] wintcpmod.exe Hear of it?
Index(es):
- Date
- Thread