What kind of Worm/Virus/Backdoor?

Computing.Net > Forums > Windows 2000 > What kind of Worm/Virus/Backdoor?

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Click here to start participating now! Also, check out the New User Guide.

What kind of Worm/Virus/Backdoor?

Name: Brent Williams
Date: August 22, 2003 at 09:55:18 Pacific
OS: W2K Server SP3
CPU/Ram: PIII 500/512

Comment:

I have seen on several of our W2K Servers instances of srvany.exe running several times. When I look in the services tab, there are services such as "Real Updater," "Version Manager" and "Secure Logon" that are running and their path is all the same:
c:\winnt\system32\srvany.exe
When you try to click on properties for them you get this message:
Configuration Manager: The specified device instance handle does not correspond to a present device.
Obviously these are some kind of worm or back door. Does anyone know what they are? I find they also come with a program called userinits.exe (instead of the standard userinit.exe that is part of windows) as well as a file named winlog.exe (userinits.exe is actually runh.exe in disguise). What is this and is there a removal tool?

Sponsored Link

Ads by Google

Response Number 1

Name: Analyst
Date: August 22, 2003 at 14:54:23 Pacific

Reply:

I don't know about back door or worm. But if you want to see what processes are listening on which ports, download and install Active Ports. It will tell you what applications and processes are listening for connections, and what the file path is to that application.

Help, Plz, Help!

Internal dns and websites

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Windows 2000 Forum Home

Sponsored links

Ads by Google

Results for: What kind of Worm/Virus/Backdoor?

What type of ram: PC66 or PC100

Summary

www.computing.net/answers/windows-2000/what-type-of-ram-pc66-or-pc100/2705.html

rid worm virus

Summary

www.computing.net/answers/windows-2000/rid-worm-virus/54253.html

script/exploit virus

Summary

www.computing.net/answers/windows-2000/scriptexploit-virus/36161.html

From the Geek Dictionary
IP Address - IP Address in its full form Internet Protocal Address which is a unique add...

Ask a Question!

Weekly Poll
Do you think Comcast should have bought NBC?

Poll Finishes In 3 Days.
Discuss in The Lounge
Poll History

Recent Posts
data sorting

Install without cdrom

Overheating and fan sound issue

Netlimiter Lite configuration

i can't open workgroup in my computer

All Awaiting Reply

Tom's News
Say Hello to Mass Effect 2's Engineer Class

Warner, Sony BMG, EMI, Universal Sued for Piracy

Star Trek Online Tool Lets You Tweet in Klingon

Virgin Reveals World's First Commercial Spaceship

Support for Win 2K, XP SP2 ends July 2010

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE