Security Basics mailing list archives
Re: Hacked
From: Ramon Kagan <rkagan () yorku ca>
Date: Thu, 14 Apr 2005 14:35:24 -0400 (EDT)
To be honest... at this point it would be faster to rebuild. You can waste hours trying (and I do mean trying) to sanitize a system but there will never be a guarantee it's clean. Due diligence would suggest a rebuild in such a severe case. Ramon Kagan York University, Computing and Network Services Information Security - Senior Information Security Analyst (416)736-2100 #20263 rkagan () yorku ca ----------------------------------- ------------------------------------ I have not failed. I have just I don't know the secret to success, found 10,000 ways that don't work. but the secret to failure is trying to please everybody. - Thomas Edison - Bill Cosby ----------------------------------- ------------------------------------ On Thu, 14 Apr 2005, Mauricio Fernandez wrote:
This morning I found a wwwhack window opened on one of my w2k servers, antivirus agent was deleted (TrendMicro) and when I reinstall it back, it found about 4500 viruses named PE_PARITE.B Now the virus is still regenerating itself creating files on winnt\temp folder, I saw the task list and stopped all the suspicious process, but the virus still goes on... The virus/hacker created a folder named RADMIN, where he copied these files: r_server.exe admdll.dll hide.reg raddrv.dll pro.bat start.bat Does anyone knows how to remove this virus and avoid this hack vulnerability? Mauricio Fern?ndez S. IT Manager Tel. 591- 445-25160 Fax. 591- 441-15056 mfernandez () fdta-valles org www.fdta-valles.org Cochabamba - Bolivia
--------------------------------------------------------------------------- Earn your MS in Information Security ONLINE Organizations worldwide are in need of highly qualified information security professionals. Norwich University is fulfilling this demand with its MS in Information Security offered online. Recognized by the NSA as an academically excellent program, NU offers you the opportunity to earn your degree without disrupting your home or work life. http://www.msia.norwich.edu/secfocus_en ----------------------------------------------------------------------------
Current thread:
- Hacked Mauricio Fernandez (Apr 14)
- Re: Hacked Micheal Espinola Jr (Apr 14)
- Re: Hacked Alvaro Prieto (Apr 14)
- Re: Hacked Ramon Kagan (Apr 14)
- Re: Hacked confi dential (Apr 14)
- RE: Hacked Mauricio Fernandez (Apr 14)
- RE: Hacked Dr.Chandra (Apr 15)
- RE: Hacked Mauricio Fernandez (Apr 14)
- Re: Hacked Markus Pieton (Apr 14)
- Re: Hacked Jacob Bresciani (Apr 14)
- Re: Hacked Ansgar -59cobalt- Wiechers (Apr 18)
- Re: Hacked Nathaniel Hall (Apr 14)
- Re: Hacked Valentin Höbel (Apr 14)
- Re: Hacked xyberpix (Apr 14)
- Re: Hacked Alen Capalik (Apr 14)
(Thread continues...)