Security Incidents mailing list archives
Re: Rcon trojan
From: H C <keydet89 () yahoo com>
Date: Tue, 5 Mar 2002 05:38:07 -0800 (PST)
Deleting the Registry entry for a trojan only partially solves the problem. The Registry entry is usually used for persistence, so that the trojan will start up again upon reboot. If only the Registry entry is deleted, the trojan itself may still be running in memory.

What needs to be done is that the admin needs to determine how the trojan got there in the first place, and then remove it completely. If the OS and apps need to be reloaded from clean media, then the admin definitely needs to know how the trojan got there in the first place... otherwise, he's reinstalling the same holes and vulnerabilities all over again.

--- Tom Gerritsen <jabba () home nl> wrote:
On Monday 4 March 2002 18:08, Owen Creger tried to tell us:
rcon

try to google http://www.google.nl/search?q=rcon+trojan&hl=nl&lr= I got this hit that you can use.
http://www.glocksoft.com/trojan_list/Rcon_Recon_Xcon.htm

Looks like some registry hacking. Just go into regedit and press ctrl+f, enter runonce to search for. If it finds it, above it you'll find the run key. (Searching for the word run takes too long, because the registry is full of it...) Do this something like 3 times, because the run key is used more than once.

--
GreetZz
Tom Gerritsen
jabba () home nl
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
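A read-only triage sketch for the point made in the reply above, added here as an example and not code from any poster in the thread: it lists the Run-family autostart values and shows whether each target is still on disk and still running, since deleting the value does not stop a process already in memory. The list of keys checked and the helper name `Get-CommandImage` are choices made for this example.

```powershell
# Added example: enumerate autostart values and correlate them with
# files on disk and running processes. Nothing is modified.
$keys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($name in 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce') {
        "$hive\Software\Microsoft\Windows\CurrentVersion\$name"
    }
}

# Snapshot of running processes that expose an image path (protected
# processes may not when the session is not elevated).
$procs = Get-CimInstance Win32_Process | Where-Object ExecutablePath

function Get-CommandImage([string]$Command) {
    # Hypothetical helper: pull the executable out of an autostart command
    # line. Quoted path first, otherwise everything up to the first ".exe".
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    if ($expanded -match '^(.+?\.exe)\b') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item $key
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        if (-not $command.Trim()) { continue }   # empty value, nothing to check
        $image = Get-CommandImage $command
        $leaf  = Split-Path $image -Leaf
        # Match on full path, or on file name when the value has no path.
        $running = $procs | Where-Object {
            $_.ExecutablePath -eq $image -or $_.Name -eq $leaf
        }
        [pscustomobject]@{
            Key     = $key
            Value   = $valueName
            Command = $command
            OnDisk  = Test-Path -LiteralPath $image -PathType Leaf
            PIDs    = ($running.ProcessId -join ',')
        }
    }
}
$report | Format-Table -AutoSize -Wrap
```

A row with a non-empty `PIDs` column is an autostart target that is running right now; values stored without a full path show `OnDisk` as false unless the file is in the current directory, so check those by hand.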