RE: strange dllhost and email

• From: "Chris Adams" <Chris.Adams@xxxxxxxxxxxxxxxx>
• To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
• Date: Mon, 1 Sep 2003 15:20:19 +0100

The "normal" DLLHOST.EXE application usually sits in <SYSTEM 
DRIVE>:\WINNT\System32 and is roughly 6k.
 
The "Infected" DLLHOST.EXE from Nachi et al. is in  <SYSTEM 
DRIVE>:\WINNT\System32\Wins\ and is about 10k.
 
DLLHOST.EXE is used to run COM+ components.
 
You may want to check the location and size of your DLLHOST.EXE file to see if 
you're infected or not.
 
Chris.

-----Original Message-----
From: Hery [mailto:hery@xxxxxxxxxxxxxx]
Sent: 01 September 2003 09:25
To: [ExchangeList]
Cc: Exchange2000@xxxxxxxxxxxxxxx
Subject: [exchangelist] strange dllhost and email


http://www.MSExchange.org/

hi guys,
 
check at my task manager, and found DLLHOST.EXE entry at "processes",   Is this 
infected by welchia or sobig.f ?  i try to terminate it using some removal 
tools (doing in safe mode) but after restart and already running in normal 
mode, it will exist again.  fyi, i'm using windows 2000 advance server +sp3, 
and exchange 2000 + sp3.  i have apply the rpc dcom vulnerability patch.  and 
sometimes at the queue viewer, i can see email to domain that not listed at my 
company with size 1.002 KB.    what's this ?
 
rgds,
hery
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as: 
chris.adams@xxxxxxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts:

• » strange dllhost and email
• » RE: strange dllhost and email
• » RE: strange dllhost and email
• » RE: strange dllhost and email
• » RE: strange dllhost and email
• » RE: strange dllhost and email
• » RE: strange dllhost and email
• » RE: strange dllhost and email
• » RE: strange dllhost and email

1. Home
2. exchangelist
3. Archive
4. 09-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---