RE: ?hack cause?

From: Andy Gabor (ajgabor@ucdavis.edu)
Date: 03/31/02


From: Andy Gabor <ajgabor@ucdavis.edu>
Date: Sun, 31 Mar 2002 13:28:14 -0800
To: focus-sun@securityfocus.com


For those that asked for strings output of login trojan...

strings /usr/bin/login.hack
DISPLAY
/bin/.login
tame
/bin/csh

For those that asked for copy of trojan - It will be in the mail soon.

Cheers,

Andy
=====================================================================
Andy Gabor - Department of Neurology, University of California, Davis
ajgabor@ucdavis.edu (530)754-5036 (FAX)



Relevant Pages

  • Re: Password pretyped
    ... If not an application/process/service is causing it to ... and use something like process Explorer from SysInternals to see if you ... to do including links to trojan scan programs. ... that he must not enter his password to login the system. ...
    (microsoft.public.security)
  • Re: Running Login Script Problems
    ... You will need to place it on all domain controllers, ... controller could be performing the login. ... >> Have you replicated the login script to all your DCs' netlogon shares? ... >> someone to place a trojan on one of the PCs to gain domain admin rights. ...
    (microsoft.public.win2000.networking)
  • login illegal operation problem
    ... when i try to login to password protected sites,ie e bay,i get illegal ... embedded.ran adaware,cw shredder and spybot as i had some coolshader virus ... or trojan horse.microsoft is unable to figure it out.and its their ...
    (microsoft.public.internet.explorer.ieak)
  • FakeAlert/Trojan and now cant login
    ... I tried to get ird of the trojan and then when I rebooted, ... I never had a login to begin with. ... I know the virus is still in there but it should not have ...
    (microsoft.public.windowsxp.perform_maintain)
  • Cannot login to XP Professional
    ... After reboot I cannot login to my XP computer, it tries to login itself and ... rejects the password - then tries again in a loop. ... Seems like some virus / trojan etc but none detected ...
    (microsoft.public.windowsxp.general)