Security Basics mailing list archives
Re: Hacked (...still cleaning)
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 20 Apr 2005 12:24:20 +0200
On 2005-04-18 Mauricio Fernandez wrote:
One thing I am trying to do is to hide the cmd.exe file to avoid the possibility of running some programs. I searched the file on the hole system and deleted from \system32\ and \I386\ folders, copied into a folder no included on the system path with a different name. But if I invoke cmd.exe, it appears again on \system32\ Does anyone knows how to remove it?
You don't want to remove cmd.exe. Adjust the file's ACLs to fit your needs and you'll be fine. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- RE: Hacked, (continued)
- RE: Hacked Mauricio Fernandez (Apr 14)
- RE: Hacked Mauricio Fernandez (Apr 14)
- Re: Hacked Donald Voss (Apr 14)
- RE: Hacked Paul Marsh (Apr 15)
- RE: Hacked Louie (Apr 18)
- RE: Hacked (...still cleaning) Mauricio Fernandez (Apr 19)
- Re: Hacked (...still cleaning) Thierry Zoller (Apr 20)
- Re: Hacked (...still cleaning) Matan Peled (Apr 20)
- Re: Hacked (...still cleaning) Dave Aronson (Apr 20)
- RE: Hacked (...still cleaning) Nuno Costa (Apr 20)
- Re: Hacked (...still cleaning) Ansgar -59cobalt- Wiechers (Apr 20)
- RE: Hacked Louie (Apr 18)