Hacked

From: Mauricio Fernandez (mfernandez_at_fdta-valles.org)
Date: 04/14/05

    To: <security-basics@securityfocus.com>
    Date: Thu, 14 Apr 2005 10:46:04 -0400
    
    
    

    This morning I found a wwwhack window opened on one of my w2k servers,
    the antivirus agent (TrendMicro) was deleted, and when I reinstalled it,
    it found about 4500 viruses named PE_PARITE.B.

    Now the virus is still regenerating itself, creating files in the
    winnt\temp folder. I saw the task list and stopped all the suspicious
    processes, but the virus still goes on...

    The virus/hacker created a folder named RADMIN, where he copied these
    files:
    r_server.exe
    admdll.dll
    hide.reg
    raddrv.dll
    pro.bat
    start.bat

    Does anyone know how to remove this virus and avoid this hack
    vulnerability?

    Mauricio Fernández S.
    IT Manager
    Tel. 591- 445-25160
    Fax. 591- 441-15056
    mfernandez@fdta-valles.org
    www.fdta-valles.org
    Cochabamba - Bolivia

    
    


