Security Basics mailing list archives
RE: Hacked
From: "Mauricio Fernandez" <mfernandez () fdta-valles org>
Date: Thu, 14 Apr 2005 14:50:01 -0400
Yes, that was exactly what I do and the virus was removed... Now, I need to realize the way that the hacker put that on my server... Thanks... Mauricio Fernández S. IT Manager Tel. 591- 445-25160 Fax. 591- 441-15056 mfernandez () fdta-valles org www.fdta-valles.org Cochabamba - Bolivia -----Original Message----- From: P. Rodriguez [mailto:prodriguez () deltum com] Sent: Thursday, April 14, 2005 2:31 PM To: mfernandez () fdta-valles org Subject: RE: Hacked Importance: High Try this: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PE_PARITE. B Got it from http://www.experts-exchange.com/Security/Win_Security/Q_20676310.html, which is #2 when you google for 'pe_parite.b'. -----Original Message----- From: Mauricio Fernandez [mailto:mfernandez () fdta-valles org] Sent: Thursday, April 14, 2005 10:46 PM To: security-basics () securityfocus com Subject: Hacked This morning I found a wwwhack window opened on one of my w2k servers, antivirus agent was deleted (TrendMicro) and when I reinstall it back, it found about 4500 viruses named PE_PARITE.B Now the virus is still regenerating itself creating files on winnt\temp folder, I saw the task list and stopped all the suspicious process, but the virus still goes on... The virus/hacker created a folder named RADMIN, where he copied these files: r_server.exe admdll.dll hide.reg raddrv.dll pro.bat start.bat Does anyone knows how to remove this virus and avoid this hack vulnerability? Mauricio Fernández S. IT Manager Tel. 591- 445-25160 Fax. 591- 441-15056 mfernandez () fdta-valles org www.fdta-valles.org Cochabamba - Bolivia
Attachment:
smime.p7s
Description:
Current thread:
- Re: Hacked, (continued)
- Re: Hacked xyberpix (Apr 14)
- Re: Hacked Alen Capalik (Apr 14)
- Re: Hacked Matan Peled (Apr 14)
- RE: Hacked lista (Apr 14)
- Re: Hacked Etapien (Apr 15)
- Re: Hacked matt donovan (Apr 18)
- RE: Hacked Joshua Berry (Apr 14)
- RE: Hacked Jason DeCamp (Apr 14)
- RE: Hacked Steve Scholz (Apr 14)
- RE: Hacked Conlan Adams (Apr 14)
- RE: Hacked Mauricio Fernandez (Apr 14)
- RE: Hacked Mauricio Fernandez (Apr 14)
- RE: Hacked Mauricio Fernandez (Apr 14)
- Re: Hacked Donald Voss (Apr 14)
- RE: Hacked Paul Marsh (Apr 15)
- RE: Hacked Louie (Apr 18)
- RE: Hacked (...still cleaning) Mauricio Fernandez (Apr 19)
- Re: Hacked (...still cleaning) Thierry Zoller (Apr 20)
- Re: Hacked (...still cleaning) Matan Peled (Apr 20)
- Re: Hacked (...still cleaning) Dave Aronson (Apr 20)
- RE: Hacked (...still cleaning) Nuno Costa (Apr 20)
- RE: Hacked Louie (Apr 18)