| Subject: | Re: Reply: Hacked again??? |
|---|---|
| Date: | Mon, 27 Jun 2005 12:36:38 +0530 |

More information on the "good" processes running in the computer - DLLs and EXEs - can be seen in http://www.processlibrary.com/

If the process is not listed in here, we can also run the http://www.sysinternals.com/Utilities/ProcessExplorer.html to find the veracity of the same.

Finally, as Yu Haitao David pointed out, a HijackFix scan will yield results to remove the "bad" stuff.

regards
KKDU

On 6/16/05, Yu Haitao David <davidyu@tencent.com> wrote:
> check via googling...
>
> winproc.exe ---- from http://www.trojaner-board.de/showthread.php?t=2153, it must be a browser hijacker, use spyware tools to remove it
>
> Rpcservice.exe ------ no useful information, but from its name, must be a RPC server/client. mostly used in many trojans
>
> msnmsgr.exe ------- if you are sure that it is NOT from microsoft, then it IS the malicious process.
>
> what these three combination could do? hm, if they really worked together, your PC might be trojaned or zombied, maybe totally controlled by someone else.
>
> you may solve this in the following steps:
>
> 1. using spyware removing tools, such as HijackThis, to check registry, delete obvious suspicious entry. especially in RUN;
> 2. reboot to Safe Mode, delete those files listed;
> 3. using some browser fixing tools, such as TweakUI, to restore your browser settings.
>
> hope it helped.
>
> -----Original Message-----
> From: Mauricio Fernandez [mailto:mfernandez@fdta-valles.org]
> Sent: June 15, 2005 6:20
> To: security-basics@securityfocus.com
> Subject: Hacked again???
>
> Hi…
>
> I am not sure, but I think that I was hacked again.
>
> I have a w2k SP4 full patched box with KerioFirewall, and this morning I found three running processes on it:
> Winproc.exe
> Rpcservice.exe
> Msnmsgr.exe
>
> The last one is not the Messenger from Microsoft…
>
> I googled those file names, but all I found was in Japanese/Hebrew or something...
>
> Does anyone know some attack with this three files combination?
>
> TIA
>
> Mauricio Fernández S.
> IT Manager
> Tel. 591- 445-25160
> Fax. 591- 441-15056
> mfernandez@fdta-valles.org
> www.fdta-valles.org
> Cochabamba - Bolivia
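
The checks suggested in this thread (compare each running image against a known-good reference, then look at what the registry Run key starts) can be scripted; the following is an added example, not part of the original messages. The allow-list, the image paths and the Run value names are all constructed for illustration; only the three file names come from the thread.

```python
import ntpath
import re

# Assumption: a small allow-list mapping image name -> directories it may run from.
KNOWN_GOOD = {
    "explorer.exe": {r"c:\winnt"},
    "msnmsgr.exe": {r"c:\program files\msn messenger"},
}

# Constructed sample data; paths and Run value names are invented for illustration.
PROCESSES = [
    r"C:\WINNT\explorer.exe",
    r"C:\WINNT\system32\winproc.exe",
    r"C:\WINNT\system32\rpcservice.exe",
    r"C:\WINNT\system32\msnmsgr.exe",
]
RUN_VALUES = {
    "WinProc": r"C:\WINNT\system32\winproc.exe -start",
    "MSN": r'"C:\WINNT\system32\msnmsgr.exe" /background',
}

def image_path(command):
    """Extract the executable path from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    match = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return match.group(1) if match else command

def triage(processes, run_values, known_good=KNOWN_GOOD):
    """Return {image path: (verdict, [Run value names that start it])}."""
    autostart = {}
    for name, command in run_values.items():
        key = ntpath.normcase(image_path(command))
        autostart.setdefault(key, []).append(name)
    report = {}
    for path in processes:
        norm = ntpath.normcase(path)
        name, folder = ntpath.basename(norm), ntpath.dirname(norm)
        if name not in known_good:
            verdict = "unknown"  # look it up before trusting it
        elif folder not in known_good[name]:
            verdict = "name-path mismatch"  # trusted name, wrong location
        else:
            verdict = "ok"
        report[path] = (verdict, sorted(autostart.get(norm, [])))
    return report

if __name__ == "__main__":
    for path, (verdict, runs) in triage(PROCESSES, RUN_VALUES).items():
        print(f"{verdict:<20} {path}  Run: {', '.join(runs) or '-'}")
```

A "name-path mismatch" is the case raised in the thread for msnmsgr.exe: a familiar name running from somewhere the genuine program does not install to.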