RE: [Full-Disclosure] Removal?

From: axid3j1al axid3j1al (axid3j1alhotmail.com)
Date: Tue Feb 03 2004 - 18:41:48 CST


>From: "Schmehl, Paul L" <paulsutdallas.edu>
>To: "axid3j1al axid3j1al" <axid3j1alhotmail.com>,
><full-disclosurelists.netsys.com>
>Subject: RE: [Full-Disclosure] Removal?
>Date: Tue, 3 Feb 2004 14:02:29 -0600
>
> > -----Original Message-----
> > From: full-disclosure-adminlists.netsys.com
> > [mailto:full-disclosure-adminlists.netsys.com] On Behalf Of
> > axid3j1al axid3j1al
> > Sent: Tuesday, February 03, 2004 12:03 AM
> > To: full-disclosurelists.netsys.com
> > Subject: [Full-Disclosure] Removal?
> >
> >
> > How do I delete the virus that is not detectable by norton av (latest
> > definitions)
> >
>http://housecall.antivirus.com/
> >
> > but has the files
> > c:\windows\system32\f~q\fag.exe
> > c:\windows\system32\f~q\usr_crt.dll
> >
> > i.e. what program do I kill to do an attrib -h -r -s *.* ; del. ?
> >

Good Idea.

But did not work.

usr_crtl.dll won't unregister and fag.exe is not in the process list.

>regsvr32 /u c:\windows\system32\f~q\usr_crt.dll
>del c:\windows\system32\f~q\usr_crt.dll
>Ctrl-Alt-Del/Task Manager/Processes
>Locate fag.exe and End Process
>
>Get your AV software up to date and keep it that way.
>Go to Windows Update and patch to current.

Norton is fully patched to current as is windows update.

Current versions of adaware, spybot (search & Destroy) or norton found any
trace of the trojan.
Even when pointed directly at that directory. Anything else that recognises
this?

>
>Paul Schmehl (paulsutdallas.edu)
>Adjunct Information Security Officer
>The University of Texas at Dallas
>AVIEN Founding Member
>http://www.utdallas.edu/~pauls/
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
