Security Basics mailing list archives
Hacked
From: "Mauricio Fernandez" <mfernandez () fdta-valles org>
Date: Thu, 14 Apr 2005 10:46:04 -0400
This morning I found a wwwhack window open on one of my w2k servers. The antivirus agent (TrendMicro) had been deleted, and when I reinstalled it, it found about 4500 viruses named PE_PARITE.B.

Now the virus is still regenerating itself, creating files in the winnt\temp folder. I looked at the task list and stopped all the suspicious processes, but the virus still goes on...

The virus/hacker created a folder named RADMIN, where he copied these files:

- r_server.exe
- admdll.dll
- hide.reg
- raddrv.dll
- pro.bat
- start.bat

Does anyone know how to remove this virus and avoid this hack vulnerability?

Mauricio Fernández S.
IT Manager
Tel. 591- 445-25160
Fax. 591- 441-15056
mfernandez () fdta-valles org
www.fdta-valles.org
Cochabamba - Bolivia