lmkastudent.blogg.se

How to detect rat using tcpview





If you don't want to format, perhaps you won't NEED to, although it's recommended for reasons mentioned by Wayne above. This analysis will take a great deal of time, so Zach, best to email me and we will keep up to date on your status. I'm not yet sure of the extent of removal from this, but there will surely be some things left over or not right. This is included by the hackers to enable removing of services they added, users, turn off the terminal server and more. Windows\System32\dhcp\files\copy\remall.bat


If you haven't deleted the files yet, or are going to format anyway Zach. This one also uses a vulnerability scanner to find more machines with no ADMIN password, or a weak password, or a guest account enabled. It's setting the victim machine up as a fileserver for XDCC bots on IRC channels. I can tell exactly what it is, a growing threat facing NT/2000/XP users these days. Should I just reformat the computer and start over? What do the files in the possible-trojan.zip do? I hope I'm making sense. I don’t think the Trojan is fully removed. Using TCPView and Process Explorer from Sysinternals I’ve removed all the suspicious files accessing the Internet. The trouble is that when I start up the computer it still kills the Norton AntiVirus and ZoneAlarm processes. I cleaned up the startup entries that it put in the registry. I've deleted the services that this Trojan creates. Available by request to AV and AT vendors only. Pieter When I went and opened this folder I found a bunch of other files which I have zipped in a folder and uploaded to my website.


One of the files it found was in a folder named c:\winnt\system32\dhcp\files. After installing it and scanning, it found numerous files that contained the RAT Trojan. Norton Antivirus wasn’t checking any of these files so I downloaded TDS. After just a few minutes I found programs that were using funny names to start up, like serany.exe, task32.exe and server.exe.


The user complained that ZoneAlarm would not start up on this computer. I began working on a computer today running Windows 2000 SP3 that had some strange problems.






