-
June 1st, 2004, 01:07 PM
#1
Ok What have I found this time..
Hi Guy's back at work again..
Have this one on my bench at this moment..
Win XP he.. with SP1 installed.. not sure of patches installed .. I know we have rpc-dcom covered but not sure since..
removed a little from the system sofar
nachi
d/l swizzer
spybot.worm
Randex.gen
have some crap random that look like a Bugbear type infection.. but are not fitting the information available..
did a netstat -a while connected to a test network..
and had ports listening in the 3000-3039, 4000.. 13000...
btw: whle NOT connected to a lan or internet I deleted the random named entries in the registry aswell as the same named in the system32 only for a different named file to return..
Also a quick HJT scan returned a few regular crap.. trying to remove them is interesting.. besides being denied access to the hosts file (now empty) ,
one is "Hijacked Internet access by New.Net
and "Broken Internet access because of LSP provider ösmim.dll"missing
ticking these to allow hjt to do its stuff results in a message box with three lines of "boxes" then the message "to fix these items will require a restart" needless they remain..
next step is to scann the hdd in another machine and see what it finds..
but first I recheck the cleans I have done.. just in case..
Cheers
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|