Re: mIRC trojan

From: Charlie Tame (charlie@tames.net)
Date: 08/27/02 

From: "Charlie Tame" <charlie@tames.net>
Date: Mon, 26 Aug 2002 22:39:49 -0500

Don't know if this helps, if not searching google or some place might...

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.flood.h
tml

Not being lazy Jason, just pointing to something which has been researched
better than I could do.

Charlie

"Jason" <jaysonh77@hotmail.com> wrote in message
news:870e01c24d4a$beb50c10$a5e62ecf@tkmsftngxa07...
> Came into work today and found a few computers with
> IRC/flood.i Virus on it. I finally narrowed it down to one
> computer and found that when rebooted mIRC would start up.
> These computers do not use e-mail they are though mapped
> to network drives. The one that has mIRC on it is a
> Windows 2000 machine and all it does is run FileMaker pro.
> How did that program get installed on the computer and how
> can I trace it out. I checked the creation date on it and
> it was created when no one was in the office. Can it be
> that it got hacked? And if so how do you read the logs to
> find out anything. We disabled the program but I know that
> doesn't do anything since it seem that they logged in some
> how... Can someone help ?? Don't know if this helps any
> but I also read the event logs and on the date that it was
> created there are a quite a few things like LSA/SAM stuff.

Relevant Pages

  • Re: GPO causing client security logs to fill?
    ... What bothers me is that if this policy, ... into from other computers. ... When I view the event logs through server management the ... All event logs should be set to a decent size (about 20MB at ...
    (microsoft.public.windows.server.sbs)
  • Re: GPO causing client security logs to fill?
    ... Settings/Security Settings/Event Log/Maximum Security Log Size was not set ... It appears that the two most problematic computers are those that are ... and the other is a server for our accounting program. ... All event logs should be set to a decent size (about 20MB at minimum, ...
    (microsoft.public.windows.server.sbs)
  • Re: GPO causing client security logs to fill?
    ... Settings/Security Settings/Event Log/Maximum Security Log Size was ... into from other computers. ... When I view the event logs through server management the ... All event logs should be set to a decent size (about 20MB at ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot change user passwords in SBS 2003
    ... of the system and directory services event logs. ... own password from the workstations. ... Users cannot change passwords from their computers either. ... And also there is no relevant error in the event logs. ...
    (microsoft.public.windows.server.sbs)
  • Re: RDP Clients being dropped
    ... The only error in the event logs is Event ID 3019 MRxSmb which may or may not ... be related to our mapped drives. ... these computers have no drives ... these clients from losing their connection. ...
    (microsoft.public.windows.terminal_services)
Quantcast