srunner.exe - backdoor ?

Discussion in 'Windows Desktop Systems' started by dj_karl, Oct 6, 2003.

  1. dj_karl

    dj_karl Guest

    i've notcied this process running on my machine, i've haven't got a clue what it is and i've been unable to find out. I've run update to virus scanner, did full scan nothing found. Ad-ware and nothing found. I've done searches on the system for the file it doesn't find it, but it still runs on startup.

    anyone heard of this?
     
  2. Hipster Doofus

    Hipster Doofus Good grief Charlie Brown

    Messages:
    5,920
    Location:
    Melbourne Australia
  3. dj_karl

    dj_karl Guest

    i could only find that as well, when i looked on google. I haven't installed Service Installer?
     
  4. eNuffSaid

    eNuffSaid Guest

    Hi,

    Find the executable (srunner.exe) on your system, right click it, click properties, select the "version" tab...

    Does it have a company name listed?

    Regards,
    Willem Moolenaar
     
  5. dj_karl

    dj_karl Guest

    turns out it's a nice trojan or something similar
    it had a xdcc bot running a irc server by and ftp open on my machine

    file were stored in C:\WINDOWS\CURSORS\meta\oledac\su
    and also C:\WINDOWS\CURSORS\meta\oledac\backup

    it had added itself to my service disgusing itself as

    SPOOLSVC
     
  6. dubstar

    dubstar format c:

    Messages:
    1,357
    Location:
    Southern California
    thanks for the heads up.