-
May 23rd, 2003, 03:13 AM
#1
Junior Member
security risk detected
Hi, I`ve run my Norman Virus Control and it has detected about 7 security risks so far
C:\WINNT\SYSTEM32\Libparse.exe Security risk:W32\HackPV.A C:\WINNT\SYSTEM32\psexec.exe W32/HackPS.A C:\WINNT\SYSTEM32 \CONFIG\Libparse.exe W32/HackPV.A
C:\WINNT\SYSTEM32 \CONFIG\psexec.exe W32/HackPS.A
C:\WINNT\WEB\PRINTERS\IMAGES\Libparse.exe W32/HackPV.A
C:\WINNT\WEB\PRINTERS\IMAGES\psexec.exe W32/HackPS.A
C:\WINNT\WEB\PRINTERS\IMAGES\svchost32.exe W32/HideWindow.B
Does anybody have any idea of what this is and what to do since the AV cannot delete them?
-
May 23rd, 2003, 03:15 AM
#2
I would look them up on google and maybe try http://www.symantec.com
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
-
May 23rd, 2003, 01:02 PM
#3
psexec is part of the pstools suite from Sysinternals
Svchost32 is part of a backdoor more info can be found here
My best guess? You're screwed. Your machine is probably backdoored.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
May 23rd, 2003, 01:10 PM
#4
dude your gettin owned (think dell guy that got arrested for pot)
-
May 23rd, 2003, 02:01 PM
#5
pop into safe mode and try t delete them there...or create a bot disk from the av program and use that.
Who is more trustworthy then all of the gurus or Buddha’s?
-
May 23rd, 2003, 04:34 PM
#6
I'm not sure but u may had been infected by TROJ_FLOOD.BI.DR.
check if u find a RCFG.INI file it's used to connect to an IRC server from which the attacker takes control on u.
[shadow] SHARING KNOWLEDGE[/shadow]
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|