Security Basics mailing list archives
Re: Question for all
From: "Nick Bennett" <nick () acorndesign co uk>
Date: Tue, 5 Aug 2003 17:02:15 +0100
don't know if this is of any help, but found it through google search : http://www.symantec.com/avcenter/venc/data/w32.randex.d.html ----- Original Message ----- From: "Morton B. Maser" <MBMaser () msn com> To: "Flory D Jeffrey Contractor 59MDSS/MSISI" <Jeffrey.Flory2 () LACKLAND AF MIL>; <security-basics () securityfocus com>; <incidents () securityfocus com> Cc: "Flory D Jeffrey Contractor 59MDSS/MSISI" <Jeffrey.Flory2 () LACKLAND AF MIL> Sent: Tuesday, August 05, 2003 10:57 AM Subject: Re: Question for all
Haven't heard of it specifically by that name - you might check http://www.diamondcs.com.au (TDS-3 anti-trojan scanner) or http://www.nsclean.com (BOClean anti-trojan). Have you done a scan for alternate date streams? Could be hidden that way. Obviously, if you can identify the trojan or its code (Hackman is always useful for stuff like that), you may be able to just use the local loop (127.0.0.1) to send its "kill" command. ----- Original Message ----- From: "Flory D Jeffrey Contractor 59MDSS/MSISI" <Jeffrey.Flory2 () LACKLAND AF MIL> To: <security-basics () securityfocus com>; <incidents () securityfocus com> Cc: "Flory D Jeffrey Contractor 59MDSS/MSISI" <Jeffrey.Flory2 () LACKLAND AF MIL> Sent: Friday, August 01, 2003 7:22 AM Subject: Question for allA friend of mine recently went from Windows ME to Win2K, but now he has
a
trojan on his computer. He is running Norton Anti-virus, and it will
not
clean it off, it will only quarentine it. The affliction is: Backdoor.Trojan, and it has placed a hidden folder on his hard drivecalled:Payload.Dat. He cannot get ride of it. We have tried doing a search ontheinternet for some kind of information pertaining to this, but we had no luck. We also tried all the antiviral websites but they do not have atoolfor this. My question is: Has anyone ever heard of this, and if so, how do youcleanit off. Thanks in advance for any assistance, anyone can provide. Jeff-------------------------------------------------------------------------- - -------------------------------------------------------------------------- ----------------------------------------------------------------------------
-
--------------------------------------------------------------------------
--
The information in this email is confidential, and is intended solely for the addressee. Access to this email by anyone else is strictly unauthorized. Further, Acorn Design does not accept liability for the consequences of anyone acting on the information contained in this email before receiving written/signed confirmation. The contents of this email does not necessarily represent the views of Acorn Design --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Question for all Flory D Jeffrey Contractor 59MDSS/MSISI (Aug 01)
- Re: Question for all Shaun Colley (Aug 01)
- RE: Question for all Cameron Losco (Aug 01)
- Re: Question for all Morton B. Maser (Aug 05)
- Re: Question for all Nick Bennett (Aug 06)
- Backdoor.Trojan and payload.dat Lee Seidman (Aug 06)
- Re: Question for all stephen at unix dot za dot net (Aug 08)
- <Possible follow-ups>
- RE: Question for all Jason Armstrong (Aug 01)
- RE: Question for all McCleskey, David (Aug 01)
- Re: Question for all KoRe MeLtDoWn (Aug 01)
- RE: Question for all Bob Walker (Aug 04)
- RE: Question for all Glenn Pearl (Aug 04)
- RE: Question for all Bob Walker (Aug 04)
- Re: Question for all Chris Berry (Aug 01)
- Re: Question for all Brad Mills (Aug 04)
- RE: Question for all George Peek (Aug 04)
(Thread continues...)