
Thread: "Exim.exe" E-Mail Tracking

  1. #21
    anyone knows how to reboot in Safe mode with Windows XP??
    Simple I know halv poste how to do it too, these more detailed instructions

    Windows XP

    If Windows XP is the only operating system installed on your computer, boot into Safe Mode with these instructions.

    * If the computer is running, shut down Windows, and then turn off the power.
    * Wait 30 seconds, and then turn the computer on.
    * Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    * Ensure that the Safe mode option is selected.
    * Press Enter. The computer then begins to start in Safe mode.
    * When you are finished with all troubleshooting, close all programs and restart the computer as you normally would.

    To use the System Configuration Utility method

    * Close all open programs.
    * Click Start, Run, type MSCONFIG in the box and click OK.
    * The System Configuration Utility appears. On the BOOT.INI tab, check the "/SAFEBOOT" option, then click OK and restart your computer when prompted.
    * The computer restarts in Safe mode.
    * Perform the troubleshooting steps for which you are using Safe Mode.
    When you are finished with troubleshooting in Safe mode, open MSCONFIG again, uncheck "/SAFEBOOT" on the BOOT.INI tab, and click OK to restart your computer.

    http://www.pchell.com/support/safemode.shtml
    O.G at A.O

  2. #22
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Try reading this if Exim is on a Windows based system: http://pigtail.net/LRP/cygwin-exim.html It should tell you what to look for and what needs to be removed. Nifty little hack you got, where did you get it?
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  3. #23
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    When you start Windows it'll say something like "F8 - Boot Menu" or something like that. It's not always F8. Sometimes it's different depending upon your BIOS (I think it's the BIOS, anyways...). For example, my Dell computer that I'm running now makes me press F12 to access my Boot Menu; however, it's generally F8. So basically you need to find which key your computer needs you to press and you're good to go! Let us know if you get it!

    Regards,
    Xierox
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  4. #24
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    hey pale moon you may have something there.

    do a 'find files' for cygwin1.dll. if you find it, chances are there is a downloader (trojan dropper) that downloaded and installed all this and more on your computer. this really sounds like a case for the authorities. too bad you've been messing around with the files.

    if a person did this to you then you can bet he took full advantage. if it were a worm the evil server would be shut down by the police before the perps got all the infected computers' addresses. but it sounds like this guy 'got' you up close and personal. you probably have at least a back door, a zombie for DDoS and maybe a rootkit installed (very hard for the average person to detect) in addition to the rogue smtp server. it would be prudent to format and reinstall your os, unless you plan on taking it to the police.
    Bukhari:V3B48N826 The Prophet said, Isnt the witness of a woman equal to half of that of a man? The women said, Yes. He said, This is because of the deficiency of a womans mind.

  5. #25
    Member
    Join Date
    Sep 2001
    Posts
    37
    Try booting into SAFE mode and deleting the unwanted exe.

  6. #26
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    princesscheroke the reason NAV or AVG do not detect exim.exe as a virus/trojan is because it is not. it's just an smtp server placed there for illegal purposes. AV programs do not recognize legitimate programs as viruses. so netcat, which is merely a network tool, will also go undetected even in listening mode, as would ftp, vnc or radmin to name a few. these services can be hidden from the task manager (and the systray) very easily. there are back doors that respond to udp that do not show as listening ports. be very careful. merely deleting exim may just give you a false sense of security.
    Bukhari:V3B48N826 The Prophet said, Isnt the witness of a woman equal to half of that of a man? The women said, Yes. He said, This is because of the deficiency of a womans mind.
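
Added example, not part of any post in this thread: since antivirus signatures will not flag a legitimate SMTP server or network tool, a triage pass can instead map listening sockets to their owning processes. This sketch parses saved output of `netstat -ano` and `tasklist /fo csv /nh`; the sample output is constructed, and every image name in the watch list other than `exim.exe` is an assumption.

```python
import csv
import io

# Dual-use programs of the kind named in the thread (image names assumed).
WATCH = {"exim.exe", "nc.exe", "ftp.exe", "winvnc.exe", "r_server.exe"}

# Constructed sample of `netstat -ano` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address      Foreign Address    State        PID
  TCP    0.0.0.0:25         0.0.0.0:0          LISTENING    1844
  TCP    0.0.0.0:135        0.0.0.0:0          LISTENING    912
  TCP    192.168.1.10:1041  203.0.113.7:25     ESTABLISHED  1844
  TCP    0.0.0.0:5900       0.0.0.0:0          LISTENING    3000
  UDP    0.0.0.0:4000       *:*                             2020
"""

# Constructed sample of `tasklist /fo csv /nh` output (PID 3000 is absent).
SAMPLE_TASKLIST = """\
"svchost.exe","912","Console","0","3,456 K"
"exim.exe","1844","Console","0","5,120 K"
"nc.exe","2020","Console","0","1,024 K"
"""

def parse_netstat(text):
    """Return (proto, local_port, state, pid) for every TCP/UDP line."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        port = int(parts[1].rsplit(":", 1)[1])
        # UDP lines carry no State column, so label them BOUND.
        state = parts[3] if parts[0] == "TCP" else "BOUND"
        rows.append((parts[0], port, state, int(parts[-1])))
    return rows

def parse_tasklist(text):
    """Map PID -> lower-cased image name."""
    reader = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0].lower() for r in reader if len(r) > 1 and r[1].isdigit()}

def triage(netstat_text, tasklist_text, watch=WATCH):
    """Flag listeners owned by watched images, on port 25, or with no visible owner."""
    images = parse_tasklist(tasklist_text)
    findings = []
    for proto, port, state, pid in parse_netstat(netstat_text):
        if state not in ("LISTENING", "BOUND"):
            continue
        image = images.get(pid, "<no matching process>")
        if image in watch or port == 25 or pid not in images:
            findings.append((proto, port, pid, image))
    return findings
```

A socket whose PID has no entry in the process list is worth as much attention as a watched name, and a clean result proves nothing on a machine where a rootkit may be filtering both commands.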
