Hack ntoskrnl.exe
From: Hass (hass@coldspringmedia.com)
Date: 07/03/02
- In reply to: Jethro: "Hack ntoskrnl.exe"
From: "Hass" <hass@coldspringmedia.com> Date: Wed, 3 Jul 2002 10:28:18 -0700
Thanks Jethro: I ran "HouseCall" and it showed that my
system was clean.
Thanks for the suggestion. "Great Site!"
>-----Original Message-----
>Could be a virus. Ran a virus search at TrendMicro with
>the keyword "ntoskrnl.exe" and it returned "bolzano" virus
>variants with a payload similar to what you described. To
>be on the sure side run TrendMicro's free online virus
>scanner HouseCall found at http://housecall.antivirus.com
>and let us know what you find.
>>-----Original Message-----
>>I have explained in previous posts the hack that
>>penetrated my Sygate Personal Firewall. It was related to
>>a change in the ntoskrnl.exe which it asks me to accept
>>every day at boot up. Here is something found on Sygate's
>>Website.
>>++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>http://soho.sygate.com/alerts/XP_default_TCP445_open.htm
>>
>> "TCP/UDP port 445 (used for filesharing and is opened by
>>ntoskrnl.exe) is open by default on a freshly installed
>>XP box. The attack is serious since it works remotely and
>>can make the CPU usage 100% in less than 20 Seconds.
>>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>Does it look like that is my problem? The hack seems to
>>be using browsing requests of NetBios through TCP/IP on
>>my machine.