Security Incidents mailing list archives

forcdos.exe = serv-u....


From: "Craig Broad" <craig () broadband-computers com>
Date: Mon, 8 Dec 2003 21:57:27 -0000

Hi All,

Many thanks to all who responded!!

The files have now been accessed and removed.

In the end, knowing the path, we set up an FTP server on the box, with the
root directory one level up from the com1 directory.  Only one file was
visible, which was Santa Fe Stucco.bmp.  Knowing there was at least one
called forcdos.exe, this too was pulled, also another called Rhododenron.bmp
(note spelling).  The santa.. file turned out to be a serv-u log file, which
produced the names of 2 dll files. Rhododenron.bmp turned out to be a serv-u
.ini file, which gave the warez group responsible; it defaulted to the 2
given ports (in Rhododenron.bmp/serv-u/.ini), and gave a user list.

The files base itself was in the old friend the recycler bin.

Also, a second method to retrieve the files (cheers Axel), I later found out,
was to simply use CMD!  cd straight into the directory under the com1 dir -
and if needed attrib -h and copy to another directory.   (easy when you know
how, hi)

file directory output:

08/12/2003  21:51       <DIR>          .
08/12/2003  21:51       <DIR>          ..
27/10/2003  00:43                   91 beldir.dll
27/10/2003  00:43                  772 belsnof.vxd
27/10/2003  00:43                1,709 belsnon.vxd
27/10/2003  00:43               24,096 crc.exe
27/10/2003  00:44               35,840 kill.exe
27/10/2003  00:45              675,840 libeay32.dll
27/10/2003  00:45               34,304 pulist.exe
27/10/2003  00:45                  316 reg.reg
08/12/2003  15:36                3,140 Rhododenron.bmp
08/12/2003  15:37                  913 Santa Fe Stucco.bmp
27/10/2003  00:45              151,552 ssleay32.dll
27/10/2003  00:45               36,864 tzolibr.dll
27/10/2003  00:45               32,768 uptime.exe
27/10/2003  00:45               50,688 vasrtc.dll
27/10/2003  00:45                   99 vasrtc.ini
27/10/2003  00:45               57,856 vbsrtc.dll
27/10/2003  00:45                  105 vbsrtc.ini
              18 File(s)      1,106,953 bytes

anyhow.......

again many thanks to all who helped.

All files are available upon request.




-----------
Craig Broad
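
A triage check for the two things this post describes, a stash directory under a reserved device name (com1) and text files renamed to .bmp. This is an added example, not part of the original message; it assumes the tree is scanned from a non-Windows analysis host (for instance a mounted copy of the disk), and the function names and the sample tree are hypothetical and constructed.

```python
import os
import tempfile

# Reserved DOS device names: Explorer and many tools will not enter
# directories named like these, so they make convenient hiding places.
RESERVED = {"con", "prn", "aux", "nul"} | {
    f"{p}{n}" for p in ("com", "lpt") for n in range(1, 10)
}

def is_reserved(name):
    """True if a path component is a reserved device name (extension ignored)."""
    return name.split(".")[0].rstrip(" ").lower() in RESERVED

def looks_like_bmp(path):
    """A genuine BMP file starts with the two bytes 'BM'."""
    with open(path, "rb") as fh:
        return fh.read(2) == b"BM"

def triage(root):
    """Return sorted (finding, relative_path) tuples for a directory tree."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in dirnames:
            if is_reserved(d):
                rel = os.path.relpath(os.path.join(dirpath, d), root)
                findings.append(("reserved-name-dir", rel))
        for f in filenames:
            full = os.path.join(dirpath, f)
            if f.lower().endswith(".bmp") and not looks_like_bmp(full):
                findings.append(("bmp-bad-magic", os.path.relpath(full, root)))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree (not the actual files from the post)."""
    stash = os.path.join(root, "RECYCLER", "com1", "stash")
    os.makedirs(stash)
    with open(os.path.join(stash, "Rhododenron.bmp"), "wb") as fh:
        fh.write(b"[section]\r\nkey=value\r\n")   # ini-like text, not an image
    with open(os.path.join(stash, "real.bmp"), "wb") as fh:
        fh.write(b"BM" + b"\x00" * 52)            # minimal BMP-style header
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in triage(build_sample(tmp)):
            print(finding)
```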

