Re: Hidden windows ports, files and services.

From: Barrie Dempster (barrie_at_reboot-robot.net)
Date: 12/21/04

    To: security-basics@securityfocus.com
    Date: Tue, 21 Dec 2004 10:01:31 +0000
    
    
    

    On Mon, 2004-12-20 at 17:01 -0500, Mark Reis wrote:
    > Hello Again,
    >
    > I've discovered the answer to part 2 - the machine was infected by a
    > root kit

    Good feedback, but can you please tell us:
    1. How you discovered the rootkit
    2. What rootkit it was
    3. Exactly what was modified (if you recorded the information)

    I'd like this out of personal curiosity, but it would be beneficial for
    any victims in the future, searching the web for symptoms they have, to
    find a post that explains what is causing it.
    Thanks in advance.

    With Regards..
    Barrie Dempster (zeedo) - Fortiter et Strenue

      http://www.bsrf.org.uk

    [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]

    
    


