Security Basics mailing list archives
Re: Hacked (...still cleaning)
From: Matan Peled <chaosite () gmail com>
Date: Tue, 19 Apr 2005 23:56:05 +0300
Mauricio Fernandez wrote:
One thing I am trying to do is to hide the cmd.exe file to avoid the possibility of running some programs. I searched the file on the hole system and deleted from \system32\ and \I386\ folders, copied into a folder no included on the system path with a different name. But if I invoke cmd.exe, it appears again on \system32\ Does anyone knows how to remove it?
I don't believe you can remove it. Windows has a feature intended to keep you from deleting needed system files, and will simply replace this file from a backup if you delete it. -- [Name ] :: [Matan I. Peled ] [Location ] :: [Israel ] [Public Key] :: [0xD6F42CA5 ] [Keyserver ] :: [keyserver.kjsl.com] encrypted/signed plain text preferred
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- RE: Hacked, (continued)
- RE: Hacked Steve Scholz (Apr 14)
- RE: Hacked Conlan Adams (Apr 14)
- RE: Hacked Mauricio Fernandez (Apr 14)
- RE: Hacked Mauricio Fernandez (Apr 14)
- RE: Hacked Mauricio Fernandez (Apr 14)
- Re: Hacked Donald Voss (Apr 14)
- RE: Hacked Paul Marsh (Apr 15)
- RE: Hacked Louie (Apr 18)
- RE: Hacked (...still cleaning) Mauricio Fernandez (Apr 19)
- Re: Hacked (...still cleaning) Thierry Zoller (Apr 20)
- Re: Hacked (...still cleaning) Matan Peled (Apr 20)
- Re: Hacked (...still cleaning) Dave Aronson (Apr 20)
- RE: Hacked (...still cleaning) Nuno Costa (Apr 20)
- Re: Hacked (...still cleaning) Ansgar -59cobalt- Wiechers (Apr 20)
- RE: Hacked Louie (Apr 18)