Security Basics mailing list archives
RE: Hacked
From: "Mauricio Fernandez" <mfernandez () fdta-valles org>
Date: Thu, 14 Apr 2005 14:53:00 -0400
I copied the folder on my lap, but the logs file doesn't have information about the hacker or his intentions, it only has some copy/move/prepare information.

Mauricio Fernández S.
IT Manager
Tel. 591- 445-25160
Fax. 591- 441-15056
mfernandez () fdta-valles org
www.fdta-valles.org
Cochabamba - Bolivia

-----Original Message-----
From: luuk stoop [mailto:luukstoop () gmail com]
Sent: Thursday, April 14, 2005 2:16 PM
To: mfernandez () fdta-valles org
Subject: Re: Hacked

Me again, you could trace this hacker by looking into the log files from Remote Administrator. So I hope you did not remove it already.

Luuk

On 4/14/05, luuk stoop <luukstoop () gmail com> wrote:

Dear Sir,

The files in the dir RADMIN contain a program called remote administrator, it opens telnet and a remote admin connection. You can simply remove it by uninstall from Remote Administrator.

I hope this helps

Sincerely,
Luuk

On 4/14/05, Mauricio Fernandez <mfernandez () fdta-valles org> wrote:

This morning I found a wwwhack window opened on one of my w2k servers, antivirus agent was deleted (TrendMicro) and when I reinstalled it, it found about 4500 viruses named PE_PARITE.B

Now the virus is still regenerating itself creating files on winnt\temp folder, I saw the task list and stopped all the suspicious processes, but the virus still goes on...

The virus/hacker created a folder named RADMIN, where he copied these files:

r_server.exe
admdll.dll
hide.reg
raddrv.dll
pro.bat
start.bat

Does anyone know how to remove this virus and avoid this hack vulnerability?

Mauricio Fernández S.
IT Manager
Tel. 591- 445-25160
Fax. 591- 441-15056
mfernandez () fdta-valles org
www.fdta-valles.org
Cochabamba - Bolivia