Re: Security issue with MS Exchange and Windows 2003 Server

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 11/29/05

• Next message: Darrin S: "Re: Security issue with MS Exchange and Windows 2003 Server"
• Previous message: ITTester: "Re: Security issue with MS Exchange and Windows 2003 Server"
• In reply to: ITTester: "Re: Security issue with MS Exchange and Windows 2003 Server"
• Next in thread: Darrin S: "Re: Security issue with MS Exchange and Windows 2003 Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 28 Nov 2005 23:41:27 -0500

From: "ITTester" <ITTester@discussions.microsoft.com>

| Thks Darrin for your suggestion, but hackdef is not a spyware but an
| trojan/backdoor virus. The intention of the creator of hackdef is to detect
| and defense any attempt to remove the hack tools. the virus will be activated
| when you attempt to patch the server, the virus will temporally delete, hide
| and replace some registry entries and windows files so you will not able to
| use or to reboot when you attempt to remove. files as cmd.exe, net.exe,
| spool.exe,.. are replaced.

Either it is a virus or it is a Trojan. They are two separate sub-classes of malware.
Viruses self replicate. Trojans don't.
So you don't have a "trojan/backdoor virus." What you may have is a Backdoor Trojan.

We still need to determine WHAT you have as you have not specifically defined what anti
virus found what infector.

You said something about a RootKit. Darrin's reply was apropos *if* you are infected with a
RootKit. Additionally there is the Sysinternals utility RootKit Revealer --
http://www.sysinternals.com/Utilities/RootkitRevealer.html

Please don't diismiss Darrin's suggestion adhoc.

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

---

• Next message: Darrin S: "Re: Security issue with MS Exchange and Windows 2003 Server"
• Previous message: ITTester: "Re: Security issue with MS Exchange and Windows 2003 Server"
• In reply to: ITTester: "Re: Security issue with MS Exchange and Windows 2003 Server"
• Next in thread: Darrin S: "Re: Security issue with MS Exchange and Windows 2003 Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Intergrate Publisher with Front Page ... Some here in OZ has suggested a virus or spyware etc.. ... >> Publisher to erase from a web site document but I had something happening ... >> images on the uploaded web site stuck but on the file on my PC they would ... To vote for this suggestion, ... (microsoft.public.publisher.webdesign) Re: Security issue with MS Exchange and Windows 2003 Server ... little info about hackdef. ... I was very curious about this rootkit so I went into the root of where this ... this rootkit is been use by many other creator of virus and trojan as I ... > Since different AV vendors often name the same infector differently, ... (microsoft.public.security.virus) Re: activex ... >but i still cannot recieve windows updates or do online ... i cannot sucessfully run a virus scan on this ... my only suggestion would be to play with ... (microsoft.public.security.virus) Re: Random Restarts Out Of Nowhere ... You're welcome for your suggestion, I'm sorry it didn't really help. ... and restart the PC. ... -Tony Norman ... I did run a virus scan and nothing ... (microsoft.public.windowsxp.general) Re: Outlook 2002 should let me update the Adult Content filter. ... Milly Staples [MVP - Outlook] ... the (insert latest virus name here) virus, all mail sent to my personal ... | This post is a suggestion for Microsoft, ... To vote for this suggestion, ... (microsoft.public.officeupdate)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security.virus  > 2005-11