Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Undetectable backdoor! help

from [Josh Tolley] Network Security [Permanent Link]
Subject: Re: Undetectable backdoor! help
Date: Wed, 7 Dec 2005 21:29:56 -0700 
On 7 Dec 2005 00:55:05 -0000, x@y.cz <x@y.cz> wrote:

I had the same problem as you. First SpySheriff and then the strange winlogon 
behaviour (with manwithnoname.biz). I think I solved it with Spyware  Doctor. 
I run fullsystem scan for several times, then also in safemode and the 
problem seems to dissapear. My firewall network activity watcher doesnt 
report the actvity of winlogon.exe any more. So try it and you will see.



I dealt with a similar problem recently; instructions from both McAfee
and Symantec failed to fix it, although McAfee's scanner managed to
pop up a warning every couple seconds that there was a virus. Winlogon
was loading a dll at startup, which would check on shutdown that it
was properly written into the registry so that it would be loaded
again on startup. In short, you couldn't just delete registry entries,
because they'd get written back again when you turned off the machine.
The solution was to use SysInternals' Process Explorer to suspend the
winlogon process, clean all references to that particular dll from the
registry, and power off the computer without shutting down normally.

-Josh
[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Why using fport if netstat -b does much more ?, keydet89
Next by Date:  Undetectable backdoor - DETECTED, Costin Manda
Previous by Thread:  Re: Undetectable backdoor! help, x
Next by Thread:  Why using fport if netstat -b does much more ?, contrera
Indexes:  [Date] [Thread] [Top] [All Lists]