Security Basics mailing list archives

Re: Hacked (...still cleaning)

From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 20 Apr 2005 12:24:20 +0200

On 2005-04-18 Mauricio Fernandez wrote:

One thing I am trying to do is to hide the cmd.exe file to avoid the
possibility of running some programs. I searched the file on the hole
system and deleted from \system32\ and \I386\ folders, copied into a
folder no included on the system path with a different name. But if I
invoke cmd.exe, it appears again on \system32\

Does anyone knows how to remove it?


You don't want to remove cmd.exe. Adjust the file's ACLs to fit your
needs and you'll be fine.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

Current thread:

RE: Hacked, (continued)
- RE: Hacked Mauricio Fernandez (Apr 14)
- RE: Hacked Mauricio Fernandez (Apr 14)
- Re: Hacked Donald Voss (Apr 14)
- RE: Hacked Paul Marsh (Apr 15)
  - RE: Hacked Louie (Apr 18)
    - RE: Hacked (...still cleaning) Mauricio Fernandez (Apr 19)
    - Re: Hacked (...still cleaning) Thierry Zoller (Apr 20)
    - Re: Hacked (...still cleaning) Matan Peled (Apr 20)
    - Re: Hacked (...still cleaning) Dave Aronson (Apr 20)
    - RE: Hacked (...still cleaning) Nuno Costa (Apr 20)
    - Re: Hacked (...still cleaning) Ansgar -59cobalt- Wiechers (Apr 20)