Mere_Mortal
1st Responder
Joined: Apr 10, 2004 Posts: 4191 Location: Kidderminster
Posted: Wed Dec 22, 2004 1:49 am Post subject: cosine.exe & mssqlsrv.exe

A few entries I'm interested in, but I can't find anything about them. There's nothing on Google, nothing on a CCSP forum search except on [these] Logs, whereas a search at SWI for cosine only brings up [this] Log (not for the faint hearted). Searches for mssqlsrv bring no results at all, except the one Log I found these on in the first place.
By the way, they are reported to have requested Internet access.
O4 - HKLM\..\Run: [cosine] cosine.exe
O4 - HKLM\..\RunServices: [cosine] cosine.exe
O4 - HKCU\..\Run: [Microsoft SQL Srv] mssqlsrv.exe
O4 - HKLM\..\RunServices: [Microsoft SQL Srv] mssqlsrv.exe
Anybody got anything on these?

TonyKlein
Site Moderator Microsoft MVP
Joined: Oct 15, 2002 Posts: 13120 Location: Netherlands
Posted: Sat Dec 25, 2004 9:18 am

Both malware, by the looks of it...
As for your cosine.exe, from here:
Quote:
Scanned file: cosine.exe
cosine.exe - packed with PE-Diminisher
cosine.exe - infected by Backdoor.Win32.Rbot.gen
The other one is probably another W.32 Rbot or a Gaobot worm variant.
When in doubt, have the poster upload the file to be tested, for example at http://virusscan.jotti.dhs.org/
Or of course request a sample of the file yourself.
Cheers,
Tony
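
As an added example (not part of the original thread, and not HijackThis code), the following Python parses the O4 lines from the log quoted in the first post and lists the autostart entries worth requesting a sample of. The two heuristics (a command with no directory path, and the same executable registered under more than one autostart key) are triage assumptions, not a verdict, and the ExampleApp line is constructed for contrast.

```python
import re
from collections import defaultdict

# The four O4 lines from the log quoted in the thread, plus one constructed
# entry (ExampleApp) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [cosine] cosine.exe
O4 - HKLM\..\RunServices: [cosine] cosine.exe
O4 - HKCU\..\Run: [Microsoft SQL Srv] mssqlsrv.exe
O4 - HKLM\..\RunServices: [Microsoft SQL Srv] mssqlsrv.exe
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\app.exe" /tray
"""

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+)$")

def parse_o4(log):
    """Yield (hive, key, value_name, command) for each registry O4 line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.groups()

def executable(command):
    """Return the program part of a command line, honouring quotes."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]

def triage(log):
    """Map executable -> list of reasons it deserves a sample request."""
    keys = defaultdict(set)
    for hive, key, _name, command in parse_o4(log):
        keys[executable(command).lower()].add(f"{hive}\\{key}")
    findings = {}
    for exe, where in keys.items():
        reasons = []
        # Assumed heuristic 1: no directory, so Windows uses the search path.
        if "\\" not in exe and "/" not in exe:
            reasons.append("no path: resolved via the search path")
        # Assumed heuristic 2: one file registered under several autostart keys.
        if len(where) > 1:
            reasons.append("registered in %d autostart keys" % len(where))
        if reasons:
            findings[exe] = reasons
    return findings

if __name__ == "__main__":
    for exe, reasons in triage(SAMPLE_LOG).items():
        print(exe, "->", "; ".join(reasons))
```

A flagged entry is only a candidate; the file itself still has to be scanned, as the reply above suggests.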