Security Basics mailing list archives

RE: Hacked

From: "Joshua Berry" <jberry () PENSON COM>
Date: Thu, 14 Apr 2005 13:29:10 -0500

Radmin is not a virus, that is a remote control utility like VNC or
PCAnywhere (except it is free I believe).

-----Original Message-----
From: Mauricio Fernandez [mailto:mfernandez () fdta-valles org] 
Sent: Thursday, April 14, 2005 9:46 AM
To: security-basics () securityfocus com
Subject: Hacked

This morning I found a wwwhack window opened on one of my w2k servers,
antivirus agent was deleted (TrendMicro) and when I reinstall it back,
it
found about 4500 viruses named PE_PARITE.B

Now the virus is still regenerating itself creating files on winnt\temp
folder, I saw the task list and stopped all the suspicious process, but
the virus still goes on...

The virus/hacker created a folder named RADMIN, where he copied these
files:
r_server.exe
admdll.dll
hide.reg
raddrv.dll
pro.bat
start.bat

Does anyone knows how to remove this virus and avoid this hack
vulnerability?

Mauricio Fernández S.
IT Manager
Tel. 591- 445-25160
Fax. 591- 441-15056
mfernandez () fdta-valles org
www.fdta-valles.org
Cochabamba - Bolivia

Attachment: smime.p7s
Description:

Current thread:

Re: Hacked, (continued)
- Re: Hacked Jacob Bresciani (Apr 14)
  - Re: Hacked Ansgar -59cobalt- Wiechers (Apr 18)
- Re: Hacked Nathaniel Hall (Apr 14)
- Re: Hacked Valentin Höbel (Apr 14)
- Re: Hacked xyberpix (Apr 14)
- Re: Hacked Alen Capalik (Apr 14)
- Re: Hacked Matan Peled (Apr 14)
- RE: Hacked lista (Apr 14)
- Re: Hacked Etapien (Apr 15)
  - Re: Hacked matt donovan (Apr 18)
- RE: Hacked Joshua Berry (Apr 14)
  - RE: Hacked Jason DeCamp (Apr 14)
- RE: Hacked Steve Scholz (Apr 14)
- RE: Hacked Conlan Adams (Apr 14)
- RE: Hacked Mauricio Fernandez (Apr 14)
- RE: Hacked Mauricio Fernandez (Apr 14)
- RE: Hacked Mauricio Fernandez (Apr 14)
- Re: Hacked Donald Voss (Apr 14)
- RE: Hacked Paul Marsh (Apr 15)
  - RE: Hacked Louie (Apr 18)
    - RE: Hacked (...still cleaning) Mauricio Fernandez (Apr 19)

(Thread continues...)