Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Hacked (...still cleaning)

from [Beauford, Jason] Network Security [Permanent Link]
Subject: RE: Hacked (...still cleaning)
Date: Tue, 19 Apr 2005 16:16:31 -0400 
This wont delete it, but it might stop it from running:

Right Click "My Computer" and click Properties or Start => Settings => Control 
Panel => System

Click the Advanced Tab => Environmental Variables

Under System Variables modify the path and remove C:\WINNT\SYSTEM32 or 
C:\WINDOWS\SYTEM32.  Maybe remove C:\WIN..\SYSTEM as well.  

If you remove the paths, the file should not be able to be run from a 
commandline or from the START => Run menu, unless you manually specify the path 
in the command.

Just an idea :)


- JMB

-----Original Message-----
From: Mauricio Fernandez [mailto:mfernandez@fdta-valles.org] 
Sent: Monday, April 18, 2005 4:34 PM
To: security-basics@securityfocus.com
Subject: RE: Hacked (...still cleaning)


One thing I am trying to do is to hide the cmd.exe file to avoid the 
possibility of running some programs. I searched the file on the hole system 
and deleted from \system32\ and \I386\ folders, copied into a folder no 
included on the system path with a different name. But if I invoke cmd.exe, it 
appears again on \system32\

Does anyone knows how to remove it?


Mauricio Fernández S.
IT Manager
Tel. 591- 445-25160
Fax. 591- 441-15056
mfernandez@fdta-valles.org
www.fdta-valles.org
Cochabamba - Bolivia
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Steps to avoid Social Engineering, John Blackley
Next by Date:  Re: Steps to avoid Social Engineering, Raoul Armfield
Previous by Thread:  RE: Hacked (...still cleaning), Horn Michael
Next by Thread:  RE: Hacked (...still cleaning), Kirk Brady
Indexes:  [Date] [Thread] [Top] [All Lists]