RE: Hacked
From: Joshua Berry (jberry_at_PENSON.COM)
Date: 04/14/05
- Previous message: Alvaro Prieto: "Re: Hacked"
- Maybe in reply to: Mauricio Fernandez: "Hacked"
- Next in thread: Jason DeCamp: "RE: Hacked"
- Reply: Jason DeCamp: "RE: Hacked"
Date: Thu, 14 Apr 2005 13:29:10 -0500
To: <mfernandez@fdta-valles.org>, <security-basics@securityfocus.com>
Radmin is not a virus, that is a remote control utility like VNC or
PCAnywhere (except it is free I believe).
-----Original Message-----
From: Mauricio Fernandez [mailto:mfernandez@fdta-valles.org]
Sent: Thursday, April 14, 2005 9:46 AM
To: security-basics@securityfocus.com
Subject: Hacked
This morning I found a wwwhack window opened on one of my w2k servers,
antivirus agent was deleted (TrendMicro) and when I reinstalled it,
it found about 4500 viruses named PE_PARITE.B
Now the virus is still regenerating itself creating files on winnt\temp
folder, I saw the task list and stopped all the suspicious processes, but
the virus still goes on...
The virus/hacker created a folder named RADMIN, where he copied these
files:
r_server.exe
admdll.dll
hide.reg
raddrv.dll
pro.bat
start.bat
Does anyone know how to remove this virus and avoid this hack
vulnerability?
Mauricio Fernández S.
IT Manager
Tel. 591- 445-25160
Fax. 591- 441-15056
mfernandez@fdta-valles.org
www.fdta-valles.org
Cochabamba - Bolivia
- application/x-pkcs7-signature attachment: smime.p7s