Security Basics mailing list archives
Re: Hacked
From: xyberpix <xyberpix () xyberpix com>
Date: Thu, 14 Apr 2005 20:23:34 +0100
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Mauricio, Can you please provide some more info on the server in question? Namely: OS: Patches and Service Packs installed: How was it configured(IIS, FTP,Exchange, etc)?: Was it fiewalled at all, or sitting right on the Net?: Basically as much info as possible would be helpful on this one. xyberpix On 14 Apr 2005, at 15:46, Mauricio Fernandez wrote:
This morning I found a wwwhack window opened on one of my w2k servers,antivirus agent was deleted (TrendMicro) and when I reinstall it back, itfound about 4500 viruses named PE_PARITE.B Now the virus is still regenerating itself creating files on winnt\temp folder, I saw the task list and stopped all the suspicious process, but the virus still goes on... The virus/hacker created a folder named RADMIN, where he copied these files: r_server.exe admdll.dll hide.reg raddrv.dll pro.bat start.bat Does anyone knows how to remove this virus and avoid this hack vulnerability? Mauricio Fernández S. IT Manager Tel. 591- 445-25160 Fax. 591- 441-15056 mfernandez () fdta-valles org www.fdta-valles.org Cochabamba - Bolivia
For Security And Open Source News And Info Visit: http://www.xyberpix.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFCXsM2cRMkOnlkwMERArecAJ9Dh3DWhMF94C+s78FGUuQi27dxzwCdGCci b8QxXExQX3G//q1vOrLHRUE= =K4mA -----END PGP SIGNATURE----- --------------------------------------------------------------------------- Earn your MS in Information Security ONLINE Organizations worldwide are in need of highly qualified information security professionals. Norwich University is fulfilling this demand with its MS in Information Security offered online. Recognized by the NSA as an academically excellent program, NU offers you the opportunity to earn your degree without disrupting your home or work life. http://www.msia.norwich.edu/secfocus_en ----------------------------------------------------------------------------
Current thread:
- Re: Hacked, (continued)
- Re: Hacked Alvaro Prieto (Apr 14)
- Re: Hacked Ramon Kagan (Apr 14)
- Re: Hacked confi dential (Apr 14)
- RE: Hacked Mauricio Fernandez (Apr 14)
- RE: Hacked Dr.Chandra (Apr 15)
- RE: Hacked Mauricio Fernandez (Apr 14)
- Re: Hacked Markus Pieton (Apr 14)
- Re: Hacked Jacob Bresciani (Apr 14)
- Re: Hacked Ansgar -59cobalt- Wiechers (Apr 18)
- Re: Hacked Nathaniel Hall (Apr 14)
- Re: Hacked Valentin Höbel (Apr 14)
- Re: Hacked xyberpix (Apr 14)
- Re: Hacked Alen Capalik (Apr 14)
- Re: Hacked Matan Peled (Apr 14)
- RE: Hacked lista (Apr 14)
- Re: Hacked Etapien (Apr 15)
- Re: Hacked matt donovan (Apr 18)
- RE: Hacked Joshua Berry (Apr 14)
- RE: Hacked Jason DeCamp (Apr 14)
- RE: Hacked Steve Scholz (Apr 14)
- RE: Hacked Conlan Adams (Apr 14)
- RE: Hacked Mauricio Fernandez (Apr 14)
(Thread continues...)