Network Security: Detailed info on Re: wintbp.exe

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-Virus

[Top] [All Lists]

Re: wintbp.exe

from [jayjwa] Network Security

[Permanent Link]

Subject:	Re: wintbp.exe
Date:	Tue, 16 Aug 2005 23:37:34 -0400


On Tue, 16 Aug 2005, Jacob Bresciani wrote:

-> Was this being started up in the registry?
-> HKLM\Software\Microsoft\Windows\Current Version\Run....
-> or somewhere else?

HKLM, like usual, is what I heard. Run, I'd check RunOnce, RunServices, 
etc... In other words, don't count to much on where this *one* varient is 
auto-starting from, but rather know where to look to find any of them, if 
some time in the future there are more (which there will most likely be).

 
-> if it was in the registry what was the key named?

This parameter is usually settable in the source code of these types of 
malware, so I wouldn't rely on that. Besides, how many things DO you have 
in HKLM Run/RunOnce/RunServices ?


-- 
I still want to know what dim bulb thought that UPnP was
a good idea. I mean, c'mon.  A defined API so malware can
send a "Pants Down!" command to the firewall?
What were they *thinking*?  -Valdis Kletnieks

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
wintbp.exe, Schlegel, Justin Re: wintbp.exe, William O'Malley Re: wintbp.exe, Nick FitzGerald Re: wintbp.exe, Jacob Bresciani Re: wintbp.exe, jayjwa <= Re: wintbp.exe, Jeff Pricher Re: wintbp.exe, Nick FitzGerald Re: wintbp.exe, Ero Carrera Re: wintbp.exe, Anish Shaikh RE: wintbp.exe, Christian Kernodle RE: wintbp.exe, sk3tch RE: wintbp.exe, Joswiak, Johnny G. RE: wintbp.exe, Ellis, Steven RE: wintbp.exe, Schlegel, Justin RE: wintbp.exe, Dowling, Gabrielle

Previous by Date:	RE: wintbp.exe, Dowling, Gabrielle
Next by Date:	RE: wintbp.exe, Joswiak, Johnny G.
Previous by Thread:	Re: wintbp.exe, Jacob Bresciani
Next by Thread:	Re: wintbp.exe, Jeff Pricher
Indexes:	[Date] [Thread] [Top] [All Lists]