RE: strange dllhost and email

• From: "Jamie A. Byrnes" <jabyrnes@xxxxxxxxxxxxxxxxx>
• To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
• Date: Tue, 2 Sep 2003 13:42:06 +0930

Hi Hery,
 
I am almost certain you have w32.blaster.d
 
check in c:\windows\system32\wins\ as suggested by chris, although you
can't be sure of which varient of blaster it is so can't be sure where
it puts it - could try searching whole c: for dllhost.exe. Also check
the usual run/runonce key in the registry
(/HKLM/software/microsoft/current version/run).
 
This variant was released only a couple (maybe 3) days ago, update your
virus defs again or try trend housecall to be sure there is no virus
there.
 
 
Jamie.
 

        -----Original Message-----
        From: Hery [mailto:hery@xxxxxxxxxxxxxx] 
        Sent: Tuesday, 2 September 2003 11:30 AM
        To: [ExchangeList]
        Subject: [exchangelist] RE: strange dllhost and email
        
        
        http://www.MSExchange.org/
        
        hi Chris,
        the file is located at \winnt\system32.  and the size is 5.76
KB.  i've scan for the virus, but found nothing.  so if this dllhost.exe
is really windows program, i think it safe to run.  nothing to worried.
i also have patch the rpc dcom.
        many thank's for your help.
         
        rgds,
        hery

                ----- Original Message ----- 
                From: Chris Adams <mailto:Chris.Adams@xxxxxxxxxxxxxxxx>

                To: [ExchangeList] <mailto:exchangelist@xxxxxxxxxxxxx>  
                Sent: Monday, September 01, 2003 21:20 PM
                Subject: [exchangelist] RE: strange dllhost and email

                http://www.MSExchange.org/
                
                The "normal" DLLHOST.EXE application usually sits in
<SYSTEM DRIVE>:\WINNT\System32 and is roughly 6k.
                 
                The "Infected" DLLHOST.EXE from Nachi et al. is in
<SYSTEM DRIVE>:\WINNT\System32\Wins\ and is about 10k.
                 
                DLLHOST.EXE is used to run COM+ components.
                 
                You may want to check the location and size of your
DLLHOST.EXE file to see if you're infected or not.
                 
                Chris.

        ------------------------------------------------------
        List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
        Exchange Newsletters:
http://www.msexchange.org/pages/newsletter.asp
        Exchange FAQ:
http://www.msexchange.org/pages/larticle.asp?type=FAQ
        ------------------------------------------------------
        Other Internet Software Marketing Sites:
        Leading Network Software Directory: http://www.serverfiles.com
        No.1 ISA Server Resource Site: http://www.isaserver.org
        Windows Security Resource Site: http://www.windowsecurity.com/
        Network Security Library: http://www.secinf.net/
        Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
        ------------------------------------------------------
        You are currently subscribed to this MSExchange.org Discussion
List as: jabyrnes@xxxxxxxxxxxxxxxxx
        To unsubscribe send a blank email to
$subst('Email.Unsub') 

Other related posts:

• » strange dllhost and email
• » RE: strange dllhost and email
• » RE: strange dllhost and email
• » RE: strange dllhost and email
• » RE: strange dllhost and email
• » RE: strange dllhost and email
• » RE: strange dllhost and email
• » RE: strange dllhost and email
• » RE: strange dllhost and email

1. Home
2. exchangelist
3. Archive
4. 09-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---