RE: Hacked

From: Joshua Berry (jberry_at_PENSON.COM)
Date: 04/14/05

  • Next message: Steve Scholz: "RE: Hacked"
    Date: Thu, 14 Apr 2005 13:29:10 -0500
    To: <mfernandez@fdta-valles.org>, <security-basics@securityfocus.com>
    
    
    

    Radmin is not a virus; that is a remote control utility like VNC or
    PCAnywhere (except it is free, I believe).

    -----Original Message-----
    From: Mauricio Fernandez [mailto:mfernandez@fdta-valles.org]
    Sent: Thursday, April 14, 2005 9:46 AM
    To: security-basics@securityfocus.com
    Subject: Hacked

    This morning I found a wwwhack window opened on one of my w2k servers,
    the antivirus agent (TrendMicro) was deleted, and when I reinstalled it,
    it found about 4500 viruses named PE_PARITE.B.

    Now the virus is still regenerating itself, creating files in the
    winnt\temp folder. I saw the task list and stopped all the suspicious
    processes, but the virus still goes on...

    The virus/hacker created a folder named RADMIN, where he copied these
    files:
    r_server.exe
    admdll.dll
    hide.reg
    raddrv.dll
    pro.bat
    start.bat

    Does anyone know how to remove this virus and avoid this hack
    vulnerability?

    Mauricio Fernández S.
    IT Manager
    Tel. 591- 445-25160
    Fax. 591- 441-15056
    mfernandez@fdta-valles.org
    www.fdta-valles.org
    Cochabamba - Bolivia

    
    


