Re: Hacked
From: xyberpix (xyberpix_at_xyberpix.com)
Date: 04/14/05
- Previous message: Mauricio Fernandez: "RE: Hacked"
- In reply to: Mauricio Fernandez: "Hacked"
- Next in thread: Donald Voss: "Re: Hacked"
Date: Thu, 14 Apr 2005 20:23:34 +0100
To: <mfernandez@fdta-valles.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Mauricio,
Can you please provide some more info on the server in question?
Namely:
OS:
Patches and Service Packs installed:
How was it configured (IIS, FTP, Exchange, etc.)?:
Was it firewalled at all, or sitting right on the Net?:
Basically as much info as possible would be helpful on this one.
xyberpix
On 14 Apr 2005, at 15:46, Mauricio Fernandez wrote:
> This morning I found a wwwhack window opened on one of my w2k servers,
> antivirus agent was deleted (TrendMicro) and when I reinstalled it,
> it found about 4500 viruses named PE_PARITE.B
>
> Now the virus is still regenerating itself creating files on winnt\temp
> folder, I saw the task list and stopped all the suspicious processes, but
> the virus still goes on...
>
> The virus/hacker created a folder named RADMIN, where he copied these
> files:
> r_server.exe
> admdll.dll
> hide.reg
> raddrv.dll
> pro.bat
> start.bat
>
> Does anyone know how to remove this virus and avoid this hack
> vulnerability?
>
>
> Mauricio Fernández S.
> IT Manager
> Tel. 591- 445-25160
> Fax. 591- 441-15056
> mfernandez@fdta-valles.org
> www.fdta-valles.org
> Cochabamba - Bolivia
>
>
For Security And Open Source News And Info Visit:
http://www.xyberpix.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFCXsM2cRMkOnlkwMERArecAJ9Dh3DWhMF94C+s78FGUuQi27dxzwCdGCci
b8QxXExQX3G//q1vOrLHRUE=
=K4mA
-----END PGP SIGNATURE-----