Network Security Security-Basics

Re: Hacked again???

Subject: Re: Hacked again???
Date: Fri, 17 Jun 2005 03:28:40 +0200
Mauricio Fernandez wrote:

> I am not sure, but I think that I was hacked again.

Not really. You "hacked" yourself by using broken software and not
using your brain ;-)

> I have a w2k SP4 full patched box

Fine.

> with KerioFirewall,

Not so fine. Desktop Firewalls are _not_ useful. They can't reliably
control outgoing connections, especially if you run your computer as
Administrator (and I guess, you do). In some cases, Desktop Firewalls
aka Personal Firewalls are making your system weaker (because there were
additional bugs in some firewalls). I guess, you are working in a
network with other machines ... so check _every_ machine in your
network. And ... get off these lousy "firewalls".

> Winproc.exe

<http://it.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&VName=TROJ_PWSIM.A>

Please, completely re-setup your machine and, this is important, CHANGE
EVERY PASSWORD YOU EVER USED. TROJ_PWSIM.A is a Keylogger, so every
password you typed in while the Malware was active is PROBABLY STOLEN.

Read:
<http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx>

> Msnmsgr.exe

Several possibilities:
<http://www.sophos.com/virusinfo/analyses/w32rbotjz.html>
<

If this is the real intruder, your machine is no longer yours, probably
a zombie in a bigger Bot-Net. Now you really have to re-setup your machine.

> Does anyone know some attack with this three-file combination?

Read the linked pages. Additionally you can use a very good German tool:
<http://ntsvcfg.de/ntsvcfg_eng.html>

I had really good experiences with this. Most of this $)§@&$-Malware
will not harm you anymore - if you operate your computer wisely, of course!

Please, read additionally:
<http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx>
<http://www.microsoft.com/germany/technet/datenbank/articles/600237.mspx>
<http://www.microsoft.com/germany/technet/datenbank/articles/600236.mspx>

Greetings,
Chris

