 Suchaknight Premium join:2002-10-06 Houbytown
| WTF is webdav.exe ??
There's some damn program called webdav.exe trying to install itself in my startup menu right now, but thanks to you guys, startup monitor is blocking it. Can I just delete it to solve the problem? -- Jimmy Swaggart, Jim Baker, and Jesse Jackson have collaborated on a new book called "Ministers Do More Than Lay People." |
|
 Gavin_TH
join:2003-04-03 Australia
| webdav is an exploit for IIS, do you have open file shares / weak ADMIN password on your machine? Or are you running an IIS webserver?
I would assume you have been compromised for the above reasons -- Gavin Coe DiamondCS Analyst »www.diamondcs.com.au
|
|
  EGeezer Freezin Season Premium join:2002-08-04 Country!
| reply to Suchaknight Based on the information you provided, see
»www.lurhq.com/webdav.html
»www.cert.org/advisories/CA-2003-09.html
»cve.mitre.org/cgi-bin/cvename.cg···003-0109
MS patch; »www.microsoft.com/technet/treevi···-007.asp
Time to update your system and run some trojan and virus detectors.
** (added in edit) - AND, like Gavin says, secure your system **
That's WTF...
EG -- I hate jogging. It makes my beer foam up... [text was edited by author 2003-08-05 02:31:02]
[text was edited by author 2003-08-05 02:51:00] |
|
 Imogen8
join:2001-11-04 UK | wtf does wtf mean? |
|
 Suchaknight Premium join:2002-10-06 Houbytown | reply to Suchaknight No server running here. Standalone xp pro. Probably A WEAK PW ON ADMIN.
Should I delete the program or not? |
|
 Gavin_TH
join:2003-04-03 Australia
| reply to Suchaknight Yes,
Set a strong password, restart, (I would install Port Explorer and look for suspicious connections.. at a bare minimum). You could have been badly compromised of course in the meantime 
»www.diamondcs.com.au/portexplorer/ -- Gavin Coe DiamondCS Analyst »www.diamondcs.com.au
|
|
  jdong Eat A Beaver, Save A Tree. Premium join:2002-07-09 Rochester, MI clubs:  
| reply to Gavin_TH said by Gavin_TH : webdav is an exploit for IIS, do you have open file shares / weak ADMIN password on your machine ? Or are you running an IIS webserver ?
I would assume you have been compromised for the above reasons
I disagree. 
Webdav.exe is a known IIS exploit.
WebDAV (»www.webdav.org/) is
quote:
What is WebDAV? Briefly: WebDAV stands for "Web-based Distributed Authoring and Versioning". It is a set of extensions to the HTTP protocol which allows users to collaboratively edit and manage files on remote web servers.
-- [Text was edited by a moderator]
I did it for you, so you don't have to!  |
|
 Suchaknight Premium join:2002-10-06 Houbytown
| reply to Suchaknight I'm trying to get rid of this damn webdav.exe.......... So, when I try to run task manager so I can kill the process, the window minimizes itself after about 1 second. If I reopen it, it disappears? WTF? This sucker thinks ahead. Any ideas? -- Jimmy Swaggart, Jim Baker, and Jesse Jackson have collaborated on a new book called "Ministers Do More Than Lay People." |
|
 psloss Premium join:2002-02-24 Alpharetta, GA
| said by Suchaknight : I'm trying to get rid of this damn webdav.exe.......... So, when I try to run task manager so I can kill the process, the window minimizes itself after about 1 second. If I reopen it, it disappears? WTF? This sucker thinks ahead. Any ideas?
You can try using a different process viewer, such as Process Explorer: »www.sysinternals.com/ntw2k/freew···xp.shtml (download link at bottom of page)
Philip Sloss -- Feedback? e-mail: stuff@lupwa.org |
|
 dave Premium,MVM join:2000-05-04 not in ohio | reply to Suchaknight If XP, use
taskkill /im webdav.exe
from the command line |
|
  Vampirefo Premium,MVM join:2000-12-11 Huntington, WV | reply to Suchaknight Send me a copy of webdav.exe, to vampirefo@yahoo.com I will run it on my pc, and tell you how to get rid of it. -- TrojanHunter Stands For Privacy!!!!!!! |
|
  Vampirefo Premium,MVM join:2000-12-11 Huntington, WV
| reply to Suchaknight I don't know what the file is, but it may be a service, if so you won't be able to kill it via command line unless you use net stop, but as soon as I get the file and run it, I will know how to get rid of it. -- TrojanHunter Stands For Privacy!!!!!!! |
|
 Suchaknight Premium join:2002-10-06 Houbytown
| reply to Imogen8 said by Imogen8 : wtf does wtf mean?
It's a commonly used expression over here. "What's The Fix?" -- Jimmy Swaggart, Jim Baker, and Jesse Jackson have collaborated on a new book called "Ministers Do More Than Lay People." |
|
  Vampirefo Premium,MVM join:2000-12-11 Huntington, WV
| reply to Suchaknight You have W32/Spybot.worm.gen
To remove you need to open msconfig, uncheck msconfig32.exe
Or open regedit navigate to the below entries in the right hand column delete msconfig32 reboot.
Now go to WINDOWS\system32\, then find and delete msconfig32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "MSConfig"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce "MSConfig" -- TrojanHunter Stands For Privacy!!!!!!! |
|
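An added example, not part of any post in this thread: a read-only PowerShell check of the two autorun keys and the file named in the reply above. The key paths, the value name MSConfig and the file name msconfig32.exe come from that post; the script layout and output columns are this example's own, and it assumes PowerShell 4.0 or later (for Get-FileHash).

```powershell
# Added example (not from the thread): report-only audit of the autorun
# entries described in the post above. Nothing is deleted or modified.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$suspectValue = 'MSConfig'         # value name given in the post
$suspectFile  = 'msconfig32.exe'   # file name given in the post

$entries = foreach ($path in $runKeys) {
    if (-not (Test-Path -Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $command = [string]$key.GetValue($name)
        # Flag on either indicator: the value name or the target binary.
        $suspect = ($name -eq $suspectValue) -or ($command -like "*$suspectFile*")
        [pscustomobject]@{
            Key     = $path
            Name    = $name
            Command = $command
            Suspect = $suspect
        }
    }
}
$entries | Sort-Object Suspect -Descending | Format-Table -AutoSize -Wrap

# Look for the dropped file and record its hash before any cleanup, so the
# sample can still be identified afterwards.
$file = Join-Path $env:SystemRoot "System32\$suspectFile"
if (Test-Path -Path $file -PathType Leaf) {
    Get-Item -Path $file -Force |
        Select-Object FullName, Length, CreationTime, LastWriteTime
    Get-FileHash -Path $file -Algorithm SHA256
} else {
    "$suspectFile not found in $env:SystemRoot\System32"
}
```

Listing every value in both keys, not only the flagged one, shows any other autorun entry added at the same time.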
  jdong Eat A Beaver, Save A Tree. Premium join:2002-07-09 Rochester, MI clubs:  
| reply to Suchaknight said by Suchaknight : said by Imogen8 : wtf does wtf mean?
It's a commonly used expression over here. "What's The Fix?
lol, have I been wrong for the past few years....  -- [Text was edited by a moderator]
I did it for you, so you don't have to!  |
|
 Gavin_TH
join:2003-04-03 Australia
| reply to Suchaknight Thanks jdong 
Oh it's a SpyBot werm Easy to kill and much less chance of damage - PS Vampirefo can you send me a copy  -- Gavin Coe DiamondCS Analyst »www.diamondcs.com.au
|
|
  jdong Eat A Beaver, Save A Tree. Premium join:2002-07-09 Rochester, MI clubs:  
| said by Gavin_TH : Thanks jdong 
Oh it's a SpyBot werm Easy to kill and much less chance of damage - PS Vampirefo can you send me a copy 
Lol, I didn't expect the SpyBot worm, either. LOL.
Well, anyway, you're a professional malware analyst, I'm a 15-year-old DSLR addict... lol. Different ends of the spectrum. -- [Text was edited by a moderator]
I did it for you, so you don't have to!  |
|
  Bobb Premium join:2001-02-16 Kent, WA clubs:  
| reply to Suchaknight said by Suchaknight : said by Imogen8 : wtf does wtf mean?
It's a commonly used expression over here. "What's The Fix?
It means { What's The Fix? } When did this start??! Not what it generally means I thought anyway.
[text was edited by author 2003-08-06 00:52:00] |
|
  galileo757
join:2001-11-22 New York, NY | WTF is the politically correct meaning Bobb.  |
|
  devrandom I got a pot, full of random stuff here Premium join:2003-06-28
| reply to Suchaknight Totally off post but..just wanted to clarify a little  WTF = What the Fudge! We have been wrong for the better part of your lives Hehe. -- Throwing your used Pentium into the ocean only makes the fish smarter. |
|