Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

stealth virus on explorer.exe

from [Isaac Perez Moncho] Network Security [Permanent Link]
Subject: stealth virus on explorer.exe
Date: Fri, 28 Sep 2007 10:44:49 +0200 
Hello all,
I have a computer infected with a virus that act like this:
explorer.exe start opening smtp connections to several ip's and url's
until it exceed the tcp limit of windows xp sp2.
If I kill explorer.exe and run again from task manager the virus doesn't
run anymore until reboot.
It seems that the booting process of windows pass a parameter to
explorer for launch the virus. But not found anything interesting or
clear in the registry or boot.
I used nod32 and panda active scan for cleaning with no result. I alsoo
used spybot, adaware and superantispyware with the same null result.

Any ideas?

Thanks

-- 
Isaac Perez Moncho 
GSEC, SSP-GHD, SSP-MPA, SSP-CNSA Microsoft MCP.
JPL TSolucio S.L
www.tsolucio.com


---------------------------------------------------------------------------
This list is sponsored by: Black Hat

Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier 
technical event for ICT security experts. Featuring 30 hands-on training 
courses and 90 Briefings presentations with lots of new content and new 
tools.  Network with 4,000 delegates from 70 nations.  Visit product 
displays by 30 top sponsors in a relaxed setting.  

http://www.blackhat.com
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: RE: McAfee 8.0 crashing Dell D620's, coolcoder
Next by Date:  RE: stealth virus on explorer.exe, infos3c
Previous by Thread:  Re: RE: McAfee 8.0 crashing Dell D620's, coolcoder
Next by Thread:  RE: stealth virus on explorer.exe, infos3c
Indexes:  [Date] [Thread] [Top] [All Lists]