
Thread: security risk detected

  1. #1
    Junior Member
    Join Date
    Apr 2003
    Posts
    2

    Question security risk detected

    Hi, I've run my Norman Virus Control and it has detected about 7 security risks so far:
    C:\WINNT\SYSTEM32\Libparse.exe Security risk: W32/HackPV.A
    C:\WINNT\SYSTEM32\psexec.exe W32/HackPS.A
    C:\WINNT\SYSTEM32\CONFIG\Libparse.exe W32/HackPV.A
    C:\WINNT\SYSTEM32\CONFIG\psexec.exe W32/HackPS.A
    C:\WINNT\WEB\PRINTERS\IMAGES\Libparse.exe W32/HackPV.A
    C:\WINNT\WEB\PRINTERS\IMAGES\psexec.exe W32/HackPS.A
    C:\WINNT\WEB\PRINTERS\IMAGES\svchost32.exe W32/HideWindow.B
    Does anybody have any idea of what this is and what to do since the AV cannot delete them?

  2. #2
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    I would look them up on google and maybe try http://www.symantec.com
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    psexec is part of the pstools suite from Sysinternals.

    Svchost32 is part of a backdoor; more info can be found here

    My best guess? You're screwed. Your machine is probably backdoored.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Dude, you're getting owned (think Dell guy that got arrested for pot)

  5. #5
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    Pop into safe mode and try to delete them there... or create a boot disk from the AV program and use that.
    Who is more trustworthy than all of the gurus or Buddhas?

  6. #6
    Senior Member
    Join Date
    Nov 2002
    Posts
    382
    I'm not sure, but you may have been infected by TROJ_FLOOD.BI.DR.

    Check if you find an RCFG.INI file; it's used to connect to an IRC server from which the attacker takes control of you.
    SHARING KNOWLEDGE
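
Before deleting anything from safe mode or a boot disk, it helps to record where each flagged file sits and whether the copies are identical. The following is an added example, not code from any poster in this thread: it assumes the suspect disk (or a copy of it) is mounted read-only at a path you pass in, and the function names `triage`, `duplicate_groups` and `build_sample` are made up for illustration.

```python
import hashlib
import os
import sys

# File names reported in the thread, matched case-insensitively.
WATCHED = {"libparse.exe", "psexec.exe", "svchost32.exe", "rcfg.ini"}

def sha256_of(path):
    """Hash in chunks so large files are not loaded into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            h.update(block)
    return h.hexdigest()

def triage(root):
    """Return one record per watched file found under root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in WATCHED:
                continue
            full = os.path.join(dirpath, name)
            rec = {"path": os.path.relpath(full, root).replace(os.sep, "/")}
            try:
                st = os.stat(full)
                rec.update(size=st.st_size, mtime=int(st.st_mtime), sha256=sha256_of(full))
            except OSError as exc:  # locked or unreadable: note it and continue
                rec["error"] = str(exc)
            hits.append(rec)
    return sorted(hits, key=lambda r: r["path"].lower())

def duplicate_groups(hits):
    """Map hash -> paths for identical files present in more than one place."""
    groups = {}
    for rec in hits:
        if "sha256" in rec:
            groups.setdefault(rec["sha256"], []).append(rec["path"])
    return {h: p for h, p in groups.items() if len(p) > 1}

def build_sample(root):
    """Constructed tree with dummy contents, mirroring paths from the thread."""
    for rel, data in [("WINNT/SYSTEM32/psexec.exe", b"ps"), ("WINNT/SYSTEM32/CONFIG/psexec.exe", b"ps"),
                      ("WINNT/WEB/PRINTERS/IMAGES/svchost32.exe", b"hw"),
                      ("WINNT/SYSTEM32/notepad.exe", b"np")]:
        os.makedirs(os.path.join(root, os.path.dirname(rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)

if __name__ == "__main__" and len(sys.argv) > 1:
    for rec in triage(sys.argv[1]):
        print(rec)
```

The same hash appearing under several directories, as with the psexec.exe and Libparse.exe copies in the scan output, indicates one binary dropped in multiple places; the recorded modification times help date when that happened.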
