Re: bindfile.exe

From: Sami Sihvonen (ss@janiika.com)
Date: 06/26/02

• Next message: Bernie M: "Re: Website Hacking Attempt - letting the IP Block owners know?"
• Previous message: Sami Sihvonen: "Re: Website Hacking Attempt - letting the IP Block owners know?"
• In reply to: Tracker: "Re: bindfile.exe"
• Next in thread: HC: "Re: bindfile.exe"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Sami Sihvonen <ss@janiika.com>
Date: Wed, 26 Jun 2002 13:08:23 +0300

In article <3D14150C.C174632@attbi.com>,
Tracker <TheTrackers@attbi.com> wrote:

>> I found a program called bindfile.exe installed (recently) in the
>> winnt/system32 directory of one our NT 4.0 servers. It was also
>> running on startup. I can find no documentation (indeed a google
>> seach turns up virtually nothing) and I suspect that someone here
> Sounds like you have an un-invited visitor on your system.

I got interested about this thing. Google does not give any useful
info about binary file called that. My contacts did not know anything
about this. And some of those people hack stuff like this daily and
they usually know things like this. I would like to have copy of that
file and hack it to pieces with debugger. This sounds _very_ bad.

To the orginal poster of this question I would say that find where
that file came from? I don't know about Microsoft systems that much,
but they should have some logfiles? Read them. Ask your ISP for
logfiles? You should be able to see where it came from.

And if that machine or your local network where it has access has
something important, take that server off-line right now. Don't keep
it on-line before you solve this thing. This might be serious security
leak, you are better to be safe than sorry...

---

• Next message: Bernie M: "Re: Website Hacking Attempt - letting the IP Block owners know?"
• Previous message: Sami Sihvonen: "Re: Website Hacking Attempt - letting the IP Block owners know?"
• In reply to: Tracker: "Re: bindfile.exe"
• Next in thread: HC: "Re: bindfile.exe"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: bindfile.exe ... >> winnt/system32 directory of one our NT 4.0 servers. ... I can find no documentation (indeed a google ... file and hack it to pieces with debugger. ... but they should have some logfiles? ... (comp.security.misc) Re: Google Bobbles NSA wiretap searches ... search terms then visit later over IRC or other non-ng pipeline? ... "hit Google news servers". ... DNS management. ... (comp.os.linux.security) Re: Way OT: OpenDNS ... they redirect google queries through their own servers and return ads ... Maybe it's time to get a new ISP. ... roughly 800Mbit of internet bandwidth which comes out ... I've run my own name servers for about 12 ... (Debian-User) Re: working storage values ... Google runs 450,000 servers. ... a standard Google Cluster ... It's running their own cluster operating system. ... (comp.lang.cobol) Re: Intel abandons USEnet news ... Intel abandoning internal new servers. ... information services, ... It is the PC versus Google. ... I use "Google" as representative of web based computing ... (comp.arch)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.misc  > 2002-06