Re: Hacked

[confi dential <arpanet.biz () gmail com>]

Hello Mauricio,
RAdmin is used for remote administration, the attacker installed that
application on your machine so he could have control over it.
Remove those files and check what start.bat and pro.bat do so you
could remove the application completely off your system.

Also, if you haven't yet - download and install the updates from
http://windowsupdate.microsoft.com/


   Or Weinberger 

On 4/14/05, Mauricio Fernandez <mfernandez () fdta-valles org> wrote:
> This morning I found a wwwhack window opened on one of my w2k servers,
> antivirus agent was deleted (TrendMicro) and when I reinstall it back, it
> found about 4500 viruses named PE_PARITE.B
>
> Now the virus is still regenerating itself creating files on winnt\temp
> folder, I saw the task list and stopped all the suspicious process, but
> the virus still goes on...
>
> The virus/hacker created a folder named RADMIN, where he copied these
> files:
> r_server.exe
> admdll.dll
> hide.reg
> raddrv.dll
> pro.bat
> start.bat
>
> Does anyone knows how to remove this virus and avoid this hack
> vulnerability?
>
> Mauricio Fernández S.
> IT Manager
> Tel. 591- 445-25160
> Fax. 591- 441-15056
> mfernandez () fdta-valles org
> www.fdta-valles.org
> Cochabamba - Bolivia

---------------------------------------------------------------------------
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information security
professionals.  Norwich University is fulfilling this demand with its MS in
Information Security offered online.  Recognized by the NSA as an
academically excellent program, NU offers you the opportunity to earn your
degree without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
----------------------------------------------------------------------------