security risk detected
Results 1 to 6 of 6

Thread: security risk detected

  1. #1
    Junior Member
    Join Date
    Apr 2003

    Question security risk detected

    Hi, I`ve run my Norman Virus Control and it has detected about 7 security risks so far
    C:\WINNT\SYSTEM32\Libparse.exe Security risk:W32\HackPV.A C:\WINNT\SYSTEM32\psexec.exe W32/HackPS.A C:\WINNT\SYSTEM32 \CONFIG\Libparse.exe W32/HackPV.A
    C:\WINNT\SYSTEM32 \CONFIG\psexec.exe W32/HackPS.A
    C:\WINNT\WEB\PRINTERS\IMAGES\Libparse.exe W32/HackPV.A
    C:\WINNT\WEB\PRINTERS\IMAGES\psexec.exe W32/HackPS.A
    C:\WINNT\WEB\PRINTERS\IMAGES\svchost32.exe W32/HideWindow.B
    Does anybody have any idea of what this is and what to do since the AV cannot delete them?

  2. #2
    Ninja Code Monkey
    Join Date
    Nov 2001
    Washington State
    I would look them up on google and maybe try
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Rotterdam, Netherlands
    psexec is part of the pstools suite from Sysinternals

    Svchost32 is part of a backdoor more info can be found here

    My best guess? You're screwed. Your machine is probably backdoored.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    dude your gettin owned (think dell guy that got arrested for pot)
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  5. #5
    Senior Member
    Join Date
    Mar 2003
    central il
    pop into safe mode and try t delete them there...or create a bot disk from the av program and use that.
    Who is more trustworthy then all of the gurus or Buddha’s?

  6. #6
    Senior Member
    Join Date
    Nov 2002
    I'm not sure but u may had been infected by TROJ_FLOOD.BI.DR.

    check if u find a RCFG.INI file it's used to connect to an IRC server from which the attacker takes control on u.
    [shadow] SHARING KNOWLEDGE[/shadow]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts