RE: [Full-Disclosure] New Win32 Worm regsvc32.exe offers rootkit features
From: Aditya, ALD [Aditya Lalit Deshmukh] (aditya.deshmukh_at_online.gateway.technolabs.net)
Date: 03/31/04
- Previous message: Mandrake Linux Security Team: "[Full-Disclosure] MDKSA-2004:024 - Updated ethereal packages fix multiple vulnerabilities"
- In reply to: Alex: "Re: [Full-Disclosure] New Win32 Worm regsvc32.exe offers rootkit features"
- Next in thread: Elia Florio: "Re: [Full-Disclosure] New Win32 Worm regsvc32.exe offers rootkit features"
To: "Alex" <alexs@indefense.com>, <full-disclosure@lists.netsys.com>
Date: Wed, 31 Mar 2004 09:32:33 +0530
>
>
> Looks like IRC Backdoor
> check registry:
> HKLM\Software\Microsoft\Windows\CurrentVersion\Run and delete
> entry with regsvc32.exe
> (such as Registration Service = "regsvc32.exe")
> Do the same with
> HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
The port 1025 is good used for binding the task scheduler. Is this doing something with the task scheduler? There are plenty of naughty things to do there ....
-aditya
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
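
The registry check described in the quoted message, as an added PowerShell example that is not part of the original thread. The function name `Find-AutostartEntry` is hypothetical, and the script only reports matching values so they can be reviewed before anything is deleted.

```powershell
# Added example, not from the original post.
# Autostart keys named in the quoted message.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

# File name from the thread. Note it differs by one letter from the
# legitimate Windows binary regsvr32.exe, which this pattern does not match.
$pattern = 'regsvc32\.exe'

# Hypothetical helper: list every value under the given keys whose name
# or data matches the pattern (-match is case-insensitive by default).
function Find-AutostartEntry {
    param(
        [string[]]$KeyPath,
        [string]$Pattern
    )
    foreach ($path in $KeyPath) {
        # A key may not exist on a given system; skip it quietly.
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            # Read the raw data without expanding %VARIABLES%.
            $data = [string]$key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            if ($data -match $Pattern -or $name -match $Pattern) {
                [pscustomobject]@{
                    Key       = $path
                    ValueName = $name
                    Data      = $data
                }
            }
        }
    }
}

$hits = @(Find-AutostartEntry -KeyPath $runKeys -Pattern $pattern)
if ($hits.Count -eq 0) {
    'No matching autostart entries found.'
} else {
    # Report only; removing the value is left to the operator after review.
    $hits | Format-List
}
```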