Re: New Trojan

From: Jay Castaldo (fupayme2003_at_hotmail.com)
Date: 10/26/03

  • Next message: Damian Gerow: "Re: New Trojan" 
    Date: 26 Oct 2003 13:27:42 -0000
To: incidents@securityfocus.com
    ('binary' encoding is not supported, stored as-is) In-Reply-To: <5.1.0.14.0.20031026114925.00ae1980@pop.netspace.net.au>

    Thanks for all the help everybody, I have definately learned something new today about the good old Windows systems and NTFS. I'm just very curious how it got on my computer to begin with, but on to the fix action. I was so mind boggled and bothered about this on my machine, I almost (keyword) reloaded my entire machine, but as somebody mentioned earlier about a rundll command and walla done. I can't believe it was that simple. The funny thing about it, no anti viral tools or anti trojan tools would work period just because I think as somebody already stated it was using an ADS which apparently is a great way to hide new trojans on any NTFS machine. This forum is by far a great tool to learn something new everyday and I definately have learned something. Thank you for all your input.

    ---------------------------------------------------------------------------
    Network with over 10,000 of the brightest minds in information security
    at the largest, most highly-anticipated industry event of the year.
    Don't miss RSA Conference 2004! Choose from over 200 class sessions and
    see demos from more than 250 industry vendors. If your job touches
    security, you need to be here. Learn more or register at
    http://www.securityfocus.com/sponsor/RSA_incidents_031023
    and use priority code SF4.
    ----------------------------------------------------------------------------

  • Next message: Damian Gerow: "Re: New Trojan"

    Relevant Pages

    • RE: New Trojan
      ... and discovered that there is an option to scan ADS, ... Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ...
      (Incidents)
    • Foundry switch and VLAN hopping
      ... Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ...
      (Pen-Test)
    • Re: Nmap output
      ... most highly-anticipated industry event of the year. ... Choose from over 200 class sessions and ... Network with over 10,000 of the brightest minds in information security ...
      (Pen-Test)
    • RE: New Trojan
      ... Subject: New Trojan ... Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ...
      (Incidents)
    • RE: Large increase in port 27347
      ... Network Administrator ... Network with over 10,000 of the brightest minds in information security ... most highly-anticipated industry event of the year. ... and use priority code SF4. ...
      (Incidents)