Security Basics mailing list archives
Re: Reply: Hacked again???
From: Vijay Vikram <karpagamekapali () gmail com>
Date: Mon, 27 Jun 2005 12:36:38 +0530
More information on the "good" processes running in the computer - DLLs and EXEs can be seen in http://www.processlibrary.com/

If the process is not listed in here, we can also run the http://www.sysinternals.com/Utilities/ProcessExplorer.html to find the veracity of the same.

Finally, as Yu Haitao David pointed, a HijackFix scan will yield results to remove the "bad" stuff

regards
KKDU

On 6/16/05, Yu Haitao David <davidyu () tencent com> wrote:
check via googling...

winproc.exe ---- from http://www.trojaner-board.de/showthread.php?t=2153, it must be a browser hijacker, use spyware tools to remove it

Rpcservice.exe ------ no useful information, but from its name, must be a RPC server/client. mostly used in many trojans

msnmsgr.exe ------- if you are sure that it is NOT from Microsoft, then it IS the malicious process.

what these three combination could do? hm, if they really worked together, your PC might be trojaned or zombied, maybe totally controlled by someone else.

you may solve this in the following steps:

1. using spyware removing tools, such as HijackThis, to check registry, delete obvious suspicious entry. especially in RUN;
2. reboot to Safe Mode, delete those files listed;
3. using some browser fixing tools, such as TweakUI, to restore your browser settings.

hope it helped.

-----Original Message-----
From: Mauricio Fernandez [mailto:mfernandez () fdta-valles org]
Sent: June 15, 2005 6:20
To: security-basics () securityfocus com
Subject: Hacked again???

Hi…

I am not sure, but I think that I was hacked again. I have a w2k SP4 fully patched box with KerioFirewall, and this morning I found three running processes on it:

Winproc.exe
Rpcservice.exe
Msnmsgr.exe

The last one is not the Messenger from Microsoft…

I googled those file names, but all I found was in Japanese/Hebrew or something...

Does anyone know some attack with this combination of three files?

TIA

Mauricio Fernández S.
IT Manager
Tel. 591- 445-25160
Fax. 591- 441-15056
mfernandez () fdta-valles org
www.fdta-valles.org
Cochabamba - Bolivia
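Step 1 of the advice quoted above (checking the registry RUN entries) can be scripted for triage. The following Python is an added example, not part of any message in this thread: it parses the text printed by `reg query` for a Run key and flags autostart entries whose executable matches the three process names reported. The registry listing is constructed, and the expected install directory for a genuine msnmsgr.exe is an assumption.

```python
import ntpath
import re

# Process names reported in the thread; matching is case-insensitive.
WATCHLIST = {"winproc.exe", "rpcservice.exe", "msnmsgr.exe"}
# Assumption (not from the thread): default install directory of the genuine client.
EXPECTED_DIRS = {"msnmsgr.exe": r"c:\program files\msn messenger"}
ENTRY = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
EXE = re.compile(r"^(.*?\.exe)\b", re.IGNORECASE)

def command_path(data):
    """Return the executable path from a Run value, dropping arguments."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    m = EXE.match(data)
    return m.group(1) if m else data.split(" ", 1)[0]

def triage(reg_output):
    """Return (value_name, path, verdict) for watchlisted autostart entries."""
    findings = []
    for line in reg_output.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # key header or blank line
        path = command_path(m.group("data"))
        exe = ntpath.basename(path).lower()
        if exe not in WATCHLIST:
            continue
        expected = EXPECTED_DIRS.get(exe)
        if expected and ntpath.dirname(path).lower() == expected:
            verdict = "expected location, verify the file's publisher"
        else:
            verdict = "suspicious, review before deleting"
        findings.append((m.group("name"), path, verdict))
    return findings

# Constructed sample of `reg query` output for the HKLM Run key.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Personal Firewall    REG_SZ    "C:\Program Files\Firewall\fw.exe" /startup
    winproc    REG_SZ    C:\WINNT\system32\winproc.exe
    RPC Service    REG_SZ    C:\WINNT\Rpcservice.exe -s
    msnmsgr    REG_SZ    "C:\WINNT\system32\Msnmsgr.exe" /background
"""

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

A name match alone is only a reason to look closer; the same listing should be taken for the per-user Run key under HKCU as well.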
Current thread:
- Hacked again??? Mauricio Fernandez (Jun 15)
- Reply: Hacked again??? Yu Haitao David (Jun 16)
- Re: Reply: Hacked again??? Vijay Vikram (Jun 27)
- Re: Hacked again??? Mark Bassett (Jun 16)
- Re: Hacked again??? zilb (Jun 20)
- Re: Hacked again??? Valentin Höbel (Jun 20)
- Re: Hacked again??? Christoph 'knurd' Jeschke (Jun 21)
- Re: Hacked again??? Ansgar -59cobalt- Wiechers (Jun 27)
- Re: Hacked again??? zilb (Jun 20)
- Reply: Hacked again??? Yu Haitao David (Jun 16)
- <Possible follow-ups>
- Re: Hacked again??? mod . sparda (Jun 16)
- Re: Re: Hacked again??? s . omahony (Jun 17)
- Re: Re: Hacked again??? Phil Cryer (Jun 20)