TranceAddict Forums

TranceAddict Forums (www.tranceaddict.com/forums)
- Chill Out Room
-- tmksrvu.exe


Posted by UglyDave on Oct-07-2003 23:35:

tmksrvu.exe

anyone know what this file does?

It's trying to connect to something and i dont know what - zonealarm alerted me..

i searched yahoo & google but there were no results.

Thanks!
David


Posted by whiskers on Oct-07-2003 23:40:

this is the only thing i could find:

http://groups.google.com/groups?q=t...ibero.it&rnum=1


Posted by DJ-Fuq on Oct-07-2003 23:54:

Just block it from connmecting, and delete it
What u should do is go through the list of programs in zonealarm and block every programs access except the 1s u know need to connect. For the 1s u want to connect, put on pass lock for them, then keep engage internet lock on in za all the time (but not stop all internet activity)


Posted by UglyDave on Oct-08-2003 12:02:

Cheers whiskers! According to that article it's a trojan so thank you!

DJ-Fuq - u know a lot about everything!! Well, a lot about everything i have a question about

Cheers

David


Posted by DJ-Fuq on Oct-08-2003 15:22:

quote:
Originally posted by UglyDave
DJ-Fuq - u know a lot about everything!! Well, a lot about everything i have a question about



Posted by Boomer187 on Oct-08-2003 15:40:

where was the file? also look for a file called firedaemon.exe.

the reason I ask is that it looks like the name partially includes servu, it is very common for people to exploit your system and pop it on there under different names. I would try to find the weakness in your system and stop it.


Posted by UglyDave on Oct-08-2003 18:22:

quote:
Originally posted by Boomer187
where was the file? also look for a file called firedaemon.exe.

the reason I ask is that it looks like the name partially includes servu, it is very common for people to exploit your system and pop it on there under different names. I would try to find the weakness in your system and stop it.


thank you also!

I havn't got firedaemon. the file was in c:\winnt\system32

cheers!

David


Posted by Boomer187 on Oct-08-2003 21:11:

ah, prolly servu, that is the most common place for it.

they might have got in through a weak nt password, weak sql password or some other vulnerability. nothing too dangerous I would guess.

I would also check your drive space. good places to check are c:\system volume information and c:\recycler .that is if there is a good portion of space missing.

other than that I think ur good.



Powered by: vBulletin
Copyright © 2000-2021, Jelsoft Enterprises Ltd.