Backdoor.berbew.p now totally paranoid
From: Alex Potter (apotter_at_videotron.ca)
Date: 01/27/05
- Next message: David H. Lipman: "Re: Backdoor.berbew.p now totally paranoid"
- Previous message: Ian Kenefick: "Re: Lexus Landcruiser 100s Are Vulnerable to CellPhone Viruses"
- Next in thread: David H. Lipman: "Re: Backdoor.berbew.p now totally paranoid"
- Reply: David H. Lipman: "Re: Backdoor.berbew.p now totally paranoid"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 27 Jan 2005 15:09:17 -0500
Hi there,
I had a post going on w2k general but David Lipman(Thank you David) pointed
me to this news group.
I recently(yesterday) recovered from a Backdoor.Berber.P attack which has
left me completely paranoid...So
I did a search of my system of files that have been modified within the last
month & have been slowly(1082 files)
checking to see if the modification makes sense!!!
I just came across a dll file(wszt3t2.dll) that was created on the 24th,
modified yesterday, and access today.
(today access could have been me)
So I opened it up in ultraedit and to my surprise it contains a text list of
urls with usernames etc - a small list follows:
<pop.videotron.ca> pop.videotron.ca relais.videotron.ca Alex
Potter<username> () vldghgoc:temp01
[http://lc3.law13.hotmail.passport.com/cgi-bin/login]
username:,username:,username:
[http://localhost/dir/] username:
[https://www.leevalley.com/home/shopLogin.asp] username:password
Now I'm kindof nervous
Any thoughts???
TIA
Alex Potter
- Next message: David H. Lipman: "Re: Backdoor.berbew.p now totally paranoid"
- Previous message: Ian Kenefick: "Re: Lexus Landcruiser 100s Are Vulnerable to CellPhone Viruses"
- Next in thread: David H. Lipman: "Re: Backdoor.berbew.p now totally paranoid"
- Reply: David H. Lipman: "Re: Backdoor.berbew.p now totally paranoid"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
