Security Basics mailing list archives
Re: Hacked again???
From: Christoph 'knurd' Jeschke <christoph.jeschke () gmail com>
Date: Fri, 17 Jun 2005 03:28:40 +0200
Mauricio Fernandez wrote:

> I am not sure, but I think that I was hacked again.

Not really. You "hacked" yourself by using broken software and not using your brain ;-)

> I have a w2k SP4 fully patched box

Fine.

> with KerioFirewall,

Not so fine. Desktop Firewalls are _not_ useful. They can't reliably control outgoing connections, especially if you run your computer as Administrator (and I guess you do). In some cases, Desktop Firewalls aka Personal Firewalls are making your system weaker (because there were additional bugs in some firewalls). I guess you are working in a network with other machines ... so check _every_ machine in your network. And ... get off these lousy "firewalls".

> Winproc.exe

<http://it.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&VName=TROJ_PWSIM.A>

Please, completely re-setup your machine and, this is important, CHANGE EVERY PASSWORD YOU EVER USED. TROJ_PWSIM.A is a keylogger, so every password you typed in while the malware was active is PROBABLY STOLEN.

Read: <http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx>

> Msnmsgr.exe

Several possibilities: <http://www.sophos.com/virusinfo/analyses/w32rbotjz.html>

If this is the real intruder, your machine is no longer yours, probably a zombie in a bigger botnet. Now you really have to re-setup your machine.

> Does anyone know some attack with this three-file combination?

Read the linked pages. Additionally, you can use a very good German tool: <http://ntsvcfg.de/ntsvcfg_eng.html>

I have had really good experiences with it. Most of this $)§@&$-Malware will not harm you anymore - if you operate your computer wisely, of course!

Please, read additionally:

<http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx>
<http://www.microsoft.com/germany/technet/datenbank/articles/600237.mspx>
<http://www.microsoft.com/germany/technet/datenbank/articles/600236.mspx>

Greetings,
Chris