RE: strange dllhost and email

  • From: "Chris Adams" <Chris.Adams@xxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 1 Sep 2003 15:20:19 +0100

The "normal" DLLHOST.EXE application usually sits in <SYSTEM 
DRIVE>:\WINNT\System32 and is roughly 6k.
The "Infected" DLLHOST.EXE from Nachi et al. is in  <SYSTEM 
DRIVE>:\WINNT\System32\Wins\ and is about 10k.
DLLHOST.EXE is used to run COM+ components.
You may want to check the location and size of your DLLHOST.EXE file to see if 
you're infected or not.

-----Original Message-----
From: Hery [mailto:hery@xxxxxxxxxxxxxx]
Sent: 01 September 2003 09:25
To: [ExchangeList]
Cc: Exchange2000@xxxxxxxxxxxxxxx
Subject: [exchangelist] strange dllhost and email

hi guys,
check at my task manager, and found DLLHOST.EXE entry at "processes",   Is this 
infected by welchia or sobig.f ?  i try to terminate it using some removal 
tools (doing in safe mode) but after restart and already running in normal 
mode, it will exist again.  fyi, i'm using windows 2000 advance server +sp3, 
and exchange 2000 + sp3.  i have apply the rpc dcom vulnerability patch.  and 
sometimes at the queue viewer, i can see email to domain that not listed at my 
company with size 1.002 KB.    what's this ?
List Archives:
Exchange Newsletters:
Exchange FAQ:
Other Internet Software Marketing Sites:
Leading Network Software Directory:
No.1 ISA Server Resource Site:
Windows Security Resource Site:
Network Security Library:
Windows 2000/NT Fax Solutions:
You are currently subscribed to this Discussion List as: 
To unsubscribe send a blank email to $subst('Email.Unsub') 

Other related posts: