Re: strange windows behaviour.

From: Derek (infosec_guy2003yahoo.com)
Date: Mon Oct 13 2003 - 17:57:44 CDT


Some strange stuff in the strings, like what looks like an automated
IRC script for a Russian guy to pick up women. Hmm.

Derek

> -----Original Message-----
> From: J Mike Rollins [mailto:rollinswfu.edu]
> Sent: Friday, October 10, 2003 8:50 AM
> To: Fabio Panigatti
> Cc: incidentssecurityfocus.com
> Subject: Re: strange windows behaviour.
>
> The rundll32 path\to\the\trojan.dll,Uninstall does seem to remove
> the entries from the registry. However, the stream is still on
> the system. Something like, "echo A > C:\path\to:trojan.dll"
> will clobber it.
>
> A comment on how to un-install this is in the comments of the
> program. Along with a bunch of other interesting text. I have
> posted the strings from the trojan on a web page:
>
> http://www.wfu.edu/~rollins/trojan.txt
>
> However, I am not sure that I feel safe after
> un-installing it this way.
> If this is a backdoor program, who knows what else
> might have been done to the system.
>
>

----------------------------------------------------------------------------
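The quoted message notes that after running the DLL's Uninstall export the registry entries are gone but the NTFS alternate data stream is still on disk. As an added example (not part of the original thread), the PowerShell below lists named streams under a directory, then shows the effect of overwriting and of removing a stream. The scratch directory, the file name carrier.txt, the stream name hidden.dll and the function Get-NamedStream are constructed for the demonstration.

```powershell
# Added example: all paths and stream names below are constructed, not from the thread.
# Requires an NTFS volume and PowerShell 3.0 or later (-Stream parameter).
$dir     = Join-Path $env:TEMP 'ads-demo'
$carrier = Join-Path $dir 'carrier.txt'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
Set-Content -Path $carrier -Value 'visible content'
# Attach a named stream to stand in for the hidden DLL.
Set-Content -Path $carrier -Stream 'hidden.dll' -Value 'constructed stand-in bytes'

function Get-NamedStream {
    # Report every named stream on files under $Root.
    # ':$DATA' is the normal file body; Zone.Identifier is the browser download mark.
    param([Parameter(Mandatory)][string]$Root)
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
                Select-Object FileName, Stream, Length
        }
}

'Before cleanup:'
Get-NamedStream -Root $dir | Format-Table -AutoSize

# Overwriting the stream (the "echo A > file:stream" approach from the message)
# destroys its content, but the stream itself is still listed.
Set-Content -Path $carrier -Stream 'hidden.dll' -Value 'A'
'After overwrite:'
Get-NamedStream -Root $dir | Format-Table -AutoSize

# Removing the stream leaves the carrier file and its visible content intact.
Remove-Item -LiteralPath $carrier -Stream 'hidden.dll'
'After removal:'
@(Get-NamedStream -Root $dir).Count    # 0 named streams remain

Remove-Item -LiteralPath $dir -Recurse -Force
```

The function only walks files; reading streams attached to a directory with Get-Item -Stream needs PowerShell 7.2 or later.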