Found stuff on my computer

  1. #1
    Junior Member
    Join Date
    Feb 2003
    Posts
    2

    Found stuff on my computer

    I have found these files on my computer, I know they are bad, but can anyone tell me what they do? and can I just delete them? I found them by accident, is there another place to look? Thanx, Dima.

    Directory of C:\WINNT\system32\Profiles

    08/17/2004 10:52a <DIR> .
    08/17/2004 10:52a <DIR> ..
    09/22/2003 11:41p 39,424 bootdrv.dll
    09/30/2003 04:29a 365,896 cygwin1.dll
    10/22/2003 02:49p 899,439 ddt.exe
    08/17/2004 10:54a 0 dir.txt
    06/05/2004 03:02p <DIR> download
    06/08/2004 01:41p 90 exe.exe
    05/19/2004 08:48a 205 Explorer.bat
    04/12/2004 01:03a 217 FireDaemon.bat
    06/21/2003 05:41p 81,920 FireDaemon.exe
    05/19/2004 08:40a 530 FireLSASS.bat
    05/14/2004 02:58p 176,280 FixLGate.com
    06/08/2004 01:41p 0 Fixlgate.log
    05/28/2004 04:46p 31,534 ****.exe
    08/26/2003 02:44p 29,696 HIDDEN32.EXE
    08/26/2003 02:44p 1,790,464 iexplorer.exe
    07/24/2002 12:51a 228,940 iroffer.exe
    07/14/2003 02:21a 35,840 KILL.EXE
    06/06/2004 09:58a 14 LG.txt
    06/08/2004 01:42p 768 LGScans.log
    06/05/2004 03:02p <DIR> logs
    04/26/2004 12:13a 155,724 lsass.exe
    08/17/2004 10:43a 3,039 mirc.ini
    10/28/2003 10:32a 173,600 navdb.txt
    09/20/2003 08:23p 59,392 nc.exe
    06/08/2004 01:21p 807 RPCScans.log
    05/01/2004 12:27a 2,392 sc.exe
    05/19/2004 08:47a 4,583 secure.bat
    09/06/2003 06:46p 5,632 SecureNetbios.exe
    03/12/2004 02:12p 73 serv.dll
    05/01/2004 12:43a 68,096 serv.exe
    03/12/2004 02:27p 1,466 ServUDaemon.ini
    06/05/2004 03:02p <DIR> sounds
    05/27/2004 09:09a 19,968 svchost32.exe
    10/05/2003 03:35p 286,166 unzip.exe
    03/18/2003 02:12a 162,816 wget.exe
    06/28/2003 05:45a 497,152 WINMGNT.EXE
    33 File(s) 5,122,163 bytes
    5 Dir(s) 4,443,504,640 bytes free

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Well.... Where do I start.....

    Imagine a mechanic's toolbox..... All those tools..... You have as many here... It's a complete toolkit....

    It's impossible to say what they all do since all you can see there is the names and any file is easy to rename. nc.exe is there, that's NetCat probably - the self styled "Swiss Army Knife". There's a bunch of other stuff there too that may or may not be what they purport to be but whatever they are they aren't good.

    To be honest this box is so owned that your only safe recourse is to reformat and reinstall from scratch after backing up _only_ data files. Everything else must come from a trusted source.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    FireDaemon.exe lets you run programs as a service, NC.exe is NetCat and is useful for all sorts of stuff (like shoveling a shell) and there are quite a few other useful tools for a cracker there. Looks like someone has set up a backdoor and some tools on your box, maybe with a kit like Backdoor.IRC.Zcrew (http://securityresponse.symantec.com...c.zcrew.b.html ). I would recommend nuking and rebuilding your computer and changing all the passwords you normally use.
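
    Added example (not part of any post in this thread): a first-pass triage of a captured `dir` listing like the one in post #1, flagging the tools named in the replies and files whose names imitate Windows system binaries. The expected install paths and the 0.85 similarity threshold are assumptions; since any file is easy to rename, name matches are only leads to follow up with hashes.

```python
import re
from difflib import SequenceMatcher

# Constructed sample: a few rows copied from the listing in post #1.
SAMPLE = r"""
 Directory of C:\WINNT\system32\Profiles
08/17/2004 10:52a <DIR> .
09/20/2003 08:23p 59,392 nc.exe
06/21/2003 05:41p 81,920 FireDaemon.exe
04/26/2004 12:13a 155,724 lsass.exe
05/27/2004 09:09a 19,968 svchost32.exe
08/26/2003 02:44p 1,790,464 iexplorer.exe
10/05/2003 03:35p 286,166 unzip.exe
"""

ROW = re.compile(r"^\s*(\d\d/\d\d/\d{4})\s+(\d\d:\d\d[ap])\s+(<DIR>|[\d,]+)\s+(.+?)\s*$")
DIR_HDR = re.compile(r"^\s*Directory of (.+?)\s*$")

# Assumption: where each genuine binary lives on a default install under C:\WINNT.
SYSTEM_BINARIES = {
    "lsass.exe": r"c:\winnt\system32",
    "svchost.exe": r"c:\winnt\system32",
    "iexplore.exe": r"c:\program files\internet explorer",
}
DUAL_USE = {"nc.exe", "firedaemon.exe"}  # tools identified in posts #2 and #3

def triage(listing):
    """Return (file name, reason) pairs for entries that deserve a closer look."""
    directory, findings = None, []
    for line in listing.splitlines():
        m = DIR_HDR.match(line)
        if m:
            directory = m.group(1).lower()
            continue
        m = ROW.match(line)
        if not m or m.group(3) == "<DIR>":  # skip blanks, totals and subdirectories
            continue
        name = m.group(4).lower()
        if name in DUAL_USE:
            findings.append((name, "dual-use tool"))
        elif name in SYSTEM_BINARIES:
            if directory != SYSTEM_BINARIES[name]:
                findings.append((name, "system name, wrong directory"))
        else:  # near-miss spellings of a system binary name
            for real in SYSTEM_BINARIES:
                if SequenceMatcher(None, name, real).ratio() >= 0.85:
                    findings.append((name, "lookalike of " + real))
                    break
    return findings
```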

  4. #4
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Picking one of the entries at random. You seem to be infected with the Gaobot worm, for starters.

    So as Tiger Shark has suggested, re-format and re-install is the best advice. It also allows remote access, so a change of all your passwords and login details to everything you do online would be wise.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  5. #5
    Token drunken Irish guy
    Join Date
    Sep 2001
    Posts
    2,813
    ****.exe <--Dear lord.

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    ****.exe <--Dear lord.
    Yeah... Stuff like that has to be the skiddie idea of hiding something's true intent.....

    "OK, if we call it ****.exe maybe they'll think it's some kind of virtual vibrator or something. They sure wouldn't think it was a backdoor or something......."

  7. #7
    Junior Member
    Join Date
    Feb 2003
    Posts
    2
    The funny part is that I just typed it into a search as a fluke. I knew there was a problem with my computer, and out of frustration that's what I typed into the search, f**k.exe, and I guess it worked. Can anyone tell me how it could have gotten on my computer and how can I prevent this from happening again? Thanx.

  8. #8
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    Run an up-to-date AV package, run a firewall, keep up on your Windows patches and be careful what you install on your box.

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Do you have a firewall?
    Do you apply all the updates when they come out?
    Do you have file and printer sharing enabled?
    etc. etc. etc.

    [Edit]

    Old age is slowing me down I guess.....

    [/Edit]

  10. #10
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
