RE: forcdos.exe = serv-u....

From: Mortis (m0rtis_at_adelphia.net)
Date: 12/10/03

  • Next message: Harlan Carvey: "Re: Strange services.exe file"
    To: <forensics@securityfocus.com>, <incidents@securityfocus.com>
    Date: Tue, 9 Dec 2003 20:38:25 -0500
    
    

    It's pretty hard to make sense out of this thread. Too many
    contradictions and assumptions. I know this link was just
    posted, but it's worth a repeat.

    http://www.catb.org/~esr/faqs/smart-questions.html

    > The files have now been accessed and removed.

    Do you know how they got in, and have you corrected it? If
    not, getting a copy of the malware is not your top priority.
    Unplugging the network cable is.

    http://www.honeypots.net/incidents/links

    > In the end, knowing the path, we set up a ftp
    > server on the box, ...

    > also a second method to retrieve the files
    > (cheers Axel) I later found out
    > was to simply use CMD! cd straight into the
    > directory under the com1 dir -
    > and if needed attrib -h and copy to another
    > directory. (easy when you know
    > how, hi)

    Nice of Axel to STFW for you.

    http://www.google.com/search?q=rename+directory+com1
    http://www.google.com/search?q=folder+com1
    http://groups.google.com/groups?q=folder+com1

    I did this last week. I guess I forgot to tell you the
    answer. Early Alzheimer's. ADD. Too fscking lazy.
    Whatever.

    Use \\.\drive:\path\file
    Use posix commands from the win2k resource kit
    Use dir /x to get a short name and use that
    Use a shell port like cygwin
    Use ftp
    Boot Unix from CD and go nuts
    http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q120716

    --
    Gratefully dead,
    Mortis
    
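    The following is an added walkthrough of the first and third tricks in the list above (the \\.\ prefix and dir /x); it is not part of Mortis's message or the thread. It assumes cmd.exe on an NTFS volume, and the lab path C:\temp\lab and the file name forcdos.exe are stand-ins chosen for the demonstration, not anything from the compromised box.

```batch
@echo off
setlocal
rem Added example, not from the thread. A directory named after a reserved
rem device name (com1) cannot be reached through ordinary Win32 path parsing,
rem but the \\.\ (device namespace) and \\?\ (extended-length) prefixes pass
rem the literal path to the filesystem, so you can create, list, copy from and
rem delete inside it. C:\temp\lab and forcdos.exe are assumed lab names.
set "LAB=C:\temp\lab"
md "%LAB%" 2>nul
md "%LAB%\evidence" 2>nul

rem 1. A plain md fails because "com1" resolves to the serial device; the same
rem    command with the \\.\ prefix creates the directory the intruder hides in.
md "%LAB%\com1"
md "\\.\%LAB%\com1"

rem 2. Drop a stand-in for the hidden file and mark it hidden, as an intruder would.
echo stand-in for analysis, not real malware > "\\.\%LAB%\com1\forcdos.exe"
attrib +h "\\.\%LAB%\com1\forcdos.exe"

rem 3. dir /x prints 8.3 short names next to long names (note the directory is
rem    listed even though you cannot cd into it); dir /a with the prefix shows
rem    the hidden file inside it.
dir /x "%LAB%"
dir /a "\\.\%LAB%\com1"

rem 4. Copy the file out for analysis without executing it, and rename it to a
rem    non-executable extension so nobody double-clicks it later.
copy "\\.\%LAB%\com1\forcdos.exe" "%LAB%\evidence\forcdos.exe.bin" >nul
if exist "%LAB%\evidence\forcdos.exe.bin" (
    echo copied out OK
) else (
    echo copy FAILED
    exit /b 1
)

rem 5. Clean up the lab. The same prefix is needed to remove what it created.
del /f /a:h "\\.\%LAB%\com1\forcdos.exe"
rd "\\.\%LAB%\com1"
endlocal
```

    Save it as a .cmd file and run it from a normal cmd prompt; the first md is expected to print an error, which is the point. The \\?\ prefix works in the same places and additionally disables path normalization, and the trick is not specific to com1: aux, nul, prn, con and lpt1 through lpt9 behave the same way. On a real incident box, do step 4 to a separate evidence location and skip step 5 until you have an image, since deleting the directory destroys what you are trying to preserve.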
