thend
Aug 8 2004, 04:08 PM
If someone has info on what these files are, let me know. I found them in the system32 directory; Kaspersky did not detect anything. They are also started as services in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
QuantumTopology
Aug 8 2004, 04:33 PM
probably some lame version of modded serv-u + a backdoor or an irc bot...
just delete the damn files, delete the REG keys and patch your box..
and i hope that you are running a decent AV+FireWall
Cheers.
Axl
ps.
wtf is kaspersky ?!
dude...run NAV or Panda
Cheers.
Axl
mortello
Aug 8 2004, 06:41 PM
| QUOTE (QuantumTopology @ Aug 8 2004, 04:33 PM) |
probably some lame version of modded serv-u + a backdoor or an irc bot...
just delete the damn files, delete the REG keys and patch your box..
and i hope that you are running a decent AV+FireWall
Cheers. Axl
ps.
wtf is kaspersky ?!
dude...run NAV or Panda
Cheers. Axl |
Kaspersky is probably the best available antivirus....
NAV isn't too good and Panda wasn't that good not so long ago (may have changed lately)
So I'd say that it's some kind of lame serv-U modded like you said with a backdoor, but I'd bet NAV and Panda wouldn't detect them,....
to the first poster, fport yourself and check the open ports and decide if you have installed those apps, net stop the services and delete the programs.
Serhat
Aug 8 2004, 08:51 PM
try to check the FILE VERSION/comments also.. some n00bs forget to remove that stuff.. so it will just say Serv-U FTP server if it is Serv-U like QuantumTopology says...
Serhat
aapje
Aug 9 2004, 02:25 AM
get a firewall, you never know what other backdoors you don't know of are installed
thend
Aug 9 2004, 06:34 AM
i checked the machine with fport, tcpview, pslist: nothing suspicious. maybe some kind of kernel backdoor, i don't know
no dude
if it was a kernel backdoor (rootkit) then u wouldn't see the files..
maybe some sort of spyware.
just stop the services and delete the files.
nuorder
Aug 9 2004, 02:52 PM
any chance of uploading a sample?
aapje
Aug 9 2004, 03:48 PM
good spyware scanner
http://www.safer-networking.org/en/index.html
and like said just delete them... (and get a firewall)
Krogoth
Aug 9 2004, 04:46 PM
last week i had a weird problem. i've formatted my box, fresh installed winxp sp1 and applied a pre-downloaded patch KB835732. then, there were 2 files residing in \windows\system32. i couldn't remember the filenames tho. there was also something like windows update in the registry..
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
deleting the keys and files didn't kill them permanently as these 2 keys and files would re-appear again and again. however, i went to windows update and applied critical patches, and these files became inactive. i deleted the files and reg keys, and the whole problem has gone.
best bet for you is to get a firewall and inspect the files. delete them if suspicious and don't forget to update to the latest patches. i think you have a different scenario than mine as stated above.
aapje
Aug 10 2004, 04:05 PM
one time i formatted (full), installed win xp pro, didn't connect to the internet.
First time i connect to the internet to update & stuff, i immediately get redirected to porn pages =\ while i was connected just 1 minute and didn't do anything lol. nothing to do with this i guess but it shows how fast it is.
Krogoth
Aug 11 2004, 05:01 AM
lol.. yeah that's true. get the patches first from MS download section. then do a fresh installation and apply the patches which you've downloaded. connect to the internet and do windows update. sry for not mentioning in my previous post.
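The checks suggested in the thread (look at the Run and RunServices entries, then read each referenced file's version/comments resource), as an added example that is not part of any post. It goes slightly beyond the thread by also printing a SHA-256 hash; it assumes PowerShell 4 or later, and `Get-CommandPath` is a hypothetical helper name.

```powershell
# Added example, not from the thread: audit the two autostart keys named above.
$keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'

function Get-CommandPath {   # hypothetical helper name
    param([string]$Command)
    # Expand %SystemRoot%-style variables, then take the quoted path,
    # or everything up to the first executable-looking extension.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"') { return $Matches[1] }
    if ($c -match '^(.+?\.(exe|dll|com|bat|cmd|scr))(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }   # RunServices is absent on many systems
    $regKey = Get-Item $key
    foreach ($name in $regKey.GetValueNames()) {
        $command = [string]$regKey.GetValue($name)
        $path = Get-CommandPath $command
        if (-not [IO.Path]::IsPathRooted($path)) {
            # Assumption: a bare file name refers to System32,
            # where the files in the thread were found.
            $path = Join-Path $env:SystemRoot "System32\$path"
        }
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue |
                Where-Object { -not $_.PSIsContainer }
        [pscustomobject]@{
            Key         = Split-Path $key -Leaf
            Name        = $name
            Command     = $command
            Exists      = [bool]$file
            Product     = $file.VersionInfo.ProductName
            Description = $file.VersionInfo.FileDescription
            Comments    = $file.VersionInfo.Comments
            Company     = $file.VersionInfo.CompanyName
            Created     = $file.CreationTime
            SHA256      = if ($file) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
        }
    }
}
$report | Format-List
```

Entries whose file is missing, or whose version resource is empty or names a product you never installed, are the ones to inspect before stopping the service and deleting anything.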