Hack ntoskrnl.exe
From: Jethro (nobody@home.com)
Date: 07/03/02
- Next message: Jonathan Kay [MVP]: "Re: Windows Messenger Quits as Soon as opened. Need help."
- Previous message: ds: "reinstall means no access to partition with NFTS"
- In reply to: Hacked: "Hack ntoskrnl.exe"
- Next in thread: Hass: "Hack ntoskrnl.exe"
- Reply: Hass: "Hack ntoskrnl.exe"
From: "Jethro" <nobody@home.com> Date: Wed, 3 Jul 2002 08:20:00 -0700
Could be a virus. Ran a virus search at TrendMicro with
the keyword "ntoskrnl.exe" and it returned "bolzano" virus
variants with a payload similar to what you described. To
be on the sure side, run TrendMicro's free online virus
scanner HouseCall, found at http://housecall.antivirus.com,
and let us know what you find.
>-----Original Message-----
>I have explained in previous posts the hack that
>penetrated my Sygate Personal Firewall. It was related to
>a change in the ntoskrnl.exe which it asks me to accept
>every day at boot up. Here is something found on Sygate's
>Website.
>++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>http://soho.sygate.com/alerts/XP_default_TCP445_open.htm
>
> "TCP/UDP port 445 (used for filesharing and is opened by
>ntoskrnl.exe) is open by default on a freshly installed
>XP box. The attack is serious since it works remotely and
>can make the CPU usage 100% in less than 20 seconds."
>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>Does it look like that is my problem? The hack seems to
>be using browsing requests of NetBios through TCP/IP on
>my machine.