Security Basics mailing list archives

Re: Question for all

From: "Nick Bennett" <nick () acorndesign co uk>
Date: Tue, 5 Aug 2003 17:02:15 +0100

don't know if this is of any help, but found it through google search :

http://www.symantec.com/avcenter/venc/data/w32.randex.d.html


----- Original Message ----- 
From: "Morton B. Maser" <MBMaser () msn com>
To: "Flory D Jeffrey Contractor 59MDSS/MSISI"
<Jeffrey.Flory2 () LACKLAND AF MIL>; <security-basics () securityfocus com>;
<incidents () securityfocus com>
Cc: "Flory D Jeffrey Contractor 59MDSS/MSISI"
<Jeffrey.Flory2 () LACKLAND AF MIL>
Sent: Tuesday, August 05, 2003 10:57 AM
Subject: Re: Question for all

Haven't heard of it specifically by that name - you might check
http://www.diamondcs.com.au (TDS-3 anti-trojan scanner) or
http://www.nsclean.com (BOClean anti-trojan).  Have you done a scan for
alternate date streams?  Could be hidden that way.

Obviously, if you can identify the trojan or its code (Hackman is always
useful for stuff like that), you may be able to just use the local loop
(127.0.0.1) to send its "kill" command.
----- Original Message ----- 
From: "Flory D Jeffrey Contractor 59MDSS/MSISI"
<Jeffrey.Flory2 () LACKLAND AF MIL>
To: <security-basics () securityfocus com>; <incidents () securityfocus com>
Cc: "Flory D Jeffrey Contractor 59MDSS/MSISI"
<Jeffrey.Flory2 () LACKLAND AF MIL>
Sent: Friday, August 01, 2003 7:22 AM
Subject: Question for all

A friend of mine recently went from Windows ME to Win2K, but now he has

trojan on his computer.  He is running Norton Anti-virus, and it will

not

clean it off, it will only quarentine it.  The affliction is:
Backdoor.Trojan, and it has placed a hidden folder on his hard drive

called:

Payload.Dat.  He cannot get ride of it.  We have tried doing a search on

the

internet for some kind of information pertaining to this, but we had no
luck.  We also tried all the antiviral websites but they do not have a

tool

for this.

My question is:  Has anyone ever heard of this, and if so, how do you

clean

it off.

Thanks in advance for any assistance, anyone can provide.

Jeff


--------------------------------------------------------------------------
-

--------------------------------------------------------------------------
--



--------------------------------------------------------------------------

--------------------------------------------------------------------------

--


The information in this email is confidential, and is intended 
solely for the addressee. Access to this email by anyone else 
is strictly unauthorized. Further, Acorn Design does not accept 
liability for the consequences of anyone acting on the information 
contained in this email before receiving written/signed confirmation. 
The contents of this email does not necessarily represent the 
views of Acorn Design

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

Question for all Flory D Jeffrey Contractor 59MDSS/MSISI (Aug 01)
- Re: Question for all Shaun Colley (Aug 01)
- RE: Question for all Cameron Losco (Aug 01)
- Re: Question for all Morton B. Maser (Aug 05)
  - Re: Question for all Nick Bennett (Aug 06)
  - Backdoor.Trojan and payload.dat Lee Seidman (Aug 06)
- Re: Question for all stephen at unix dot za dot net (Aug 08)
- <Possible follow-ups>
- RE: Question for all Jason Armstrong (Aug 01)
- RE: Question for all McCleskey, David (Aug 01)
- Re: Question for all KoRe MeLtDoWn (Aug 01)
  - RE: Question for all Bob Walker (Aug 04)
    - RE: Question for all Glenn Pearl (Aug 04)
- Re: Question for all Chris Berry (Aug 01)
  - Re: Question for all Brad Mills (Aug 04)
- RE: Question for all George Peek (Aug 04)

(Thread continues...)