• Campuses
  • Texas Tech University
  • TTU Health Sciences Center
  • Texas Tech System
• Info For
  • Alumni
  • Athletic Fans
  • Current Students
  • Distance Learners
  • Faculty & Staff
  • Media
  • Parents
  • Prospective Employees
  • Prospective Undergrads
  • Prospective Graduates
  • Prospective Law Students
  • Prospective Intl Undergrads
  • Prospective Intl Graduates
  • Supporting TTU
• Contact Info
  • TTU Directory
• Site Map
  • TTU Site Map

Quick Search: TTU

Google Search Box » MORE OPTIONS «



IT Help Central

• New Students
• New Employees
• Buying the Right Computer

(806)742-HELP (4357)

• Solutions
• Hours of Operation
• Safe Computing
• Customer Survey
• About Us
• Employment
• Strategic Plan

Texas Tech University 

Global Left Nav: depts/template/ttu_template_components/Global_LeftNav

• TTU Home
• Academics
  • Office of the Provost
  • Academic Catalogs
  • Course Descriptions
  • Degree Programs
  • Undergraduate Fields of Study
  • Colleges & Schools
  • Departments
  • Libraries
  • Other Programs
• Administration
  • Office of the President
  • Administration & Finance
  • Athletics
  • Information Technology
  • Office of the Provost
  • Operations
  • Research
  • Institutional Diversity
  • University Strategic Plan
  • Administrative & Support Departments
• Alumni
• Athletics
• Campus Information
• Compliance Hotline
• Current Students
• Faculty & Staff
• Job Opportunities
• Libraries
• News & Events
  • Academic Calendar
  • Commencement
  • Daily Toreador
  • News
  • TechAnnounce
  • Events@TexasTech
• Off-Campus Sites
  • Division of Off-Campus Sites
  • Study Abroad
  • Online & Regional Sites
• Online & Regional Sites
• Prospective Students
  • Undergraduates
  • Graduates
  • Law Students
  • International - Undergraduate
  • International - Graduate
• Research
• Support TTU
• TTU System
• Web Sites

Need Help?

TTU Home IT Division IT Help Central

Download IE7 Spam-bot

No One at Texas Tech University or from Anywhere Else Should Ask For Your Password

An e-mail message allegedly containing a download for Internet Explorer 7 appears to be a spam-bot.

The "Download IE7" email copies IE7.0.exe to the user's TEMP directory as 'winlogon.exe', then deletes the IE7.0.exe. It creates a couple of batch files that it uses to create a registry key that will auto-execute when the user logs in:

HKLU\Software\Microsoft\Windows\CurrentVersion\Run\Firewall auto setup

A while later, the program makes DNS lookups for several domains and tries to connect to the SMTP port.  It attempts to 'phone home' to 72.232.49.214 with HTTP and reports "SMTP = bad" or SMTP = good".

Most anti-virus programs, including McAfee do not detect anything wrong with the IE7.0.exe file. The file has to be downloaded by clicking on the picture that came in the original message. It is not believed that it's executed unless the file IE7.0.exe is clicked on to run it.

If you have a machine you suspect may have been infected, look for the 'winlogon.exe' file in the TEMP directory and delete it.

More details are available here.

For assistance, contact IT Help Central at 742-HELP (742-4357).

 

Go Back to the Announcements

• Texas Tech University, 2903 4th Street, Lubbock, TX 79409
• 806.742.HELP (4357)
• Email Us

State of Texas | Statewide Search | Texas Homeland Security | SAO Fraud Reporting | Energy Management | General Policy Information | Online Institutional Resumes

TTU Home | TTU System | TTU Health Sciences Center | Angelo State University | Contact Us | Recommended Web Site Viewing Requirements

© 2013 Texas Tech University | All Rights Reserved |