hacker.defender


Guest

Has anyone received the hacker.defender trojan that hides programs and installs slim ftp and if so, how do you get rid of it?
 
Recommend you contact your antivirus provider for detection and removal.

Thanks,
Gary

--------------------
'--'Thread-Topic: hacker.defender
'--'thread-index: AcP3QHKW4/Ghsk30QCqOfem+FAkr6A==
'--'X-Tomcat-NG: microsoft.public.win2000.advanced_server
'--'From: "=?Utf-8?B?YmFzc2NhdA==?=" <[email protected]>
'--'Subject: hacker.defender
'--'Date: Thu, 19 Feb 2004 15:31:06 -0800
'--'Lines: 1
'--'Message-ID: <[email protected]>
'--'MIME-Version: 1.0
'--'Content-Type: text/plain;
'--' charset="Utf-8"
'--'Content-Transfer-Encoding: 7bit
'--'X-Newsreader: Microsoft CDO for Windows 2000
'--'Content-Class: urn:content-classes:message
'--'Importance: normal
'--'Priority: normal
'--'X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
'--'Newsgroups: microsoft.public.win2000.advanced_server
'--'Path: cpmsftngxa07.phx.gbl
'--'Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.advanced_server:17106
'--'NNTP-Posting-Host: tk2msftcmty1.phx.gbl 10.40.1.180
'--'X-Tomcat-NG: microsoft.public.win2000.advanced_server
'--'
'--'Has anyone received the hacker.defender trojan that hides programs and installs slim ftp
and if so, how do you get rid of it.
'--'


--

This posting is provided "AS IS" with no warranties, and confers no rights. Use of included
script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm

Note: For the benefit of the community-at-large, all responses to this message are best
directed to the newsgroup/thread from which they originated.
 
I have contacted virus people and they say these are worms
and not really viruses and pestpatrol says they can handle
them, but you end up going in and manually removing them
yourself. There is a site you can go to to get this program
with instructions, and you compile it in Delphi and run it
to infect a particular machine. It just so happens they
have decided to pick on me this month and they have not
quite outsmarted me yet, but that time is coming if they
do a tactic change when I get one figured out. There has
to be a setting in Windows that will not let this problem
happen. I think it is happening initially through a
buffer overflow and then they are opening up ports on the
server side to run programs and install services that stay
hidden. You can view the files from attaching a drive
from another machine, but no matter what you do on that
machine it will never display it. There is a
legacy_kerbkey, a legacy_ipprov, and legacy_servu entry in
the current control set 2 and 1 that you have to go seize
permissions to delete these keys. This stuff is a mess; I
have been messing with it since last Monday.
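
The post above reports that the hidden files show up when the drive is attached from another machine but never on the infected machine itself. That difference is the basis of a cross-view check; the following is an added example, not part of the original thread, and every path and file name in it is a constructed placeholder.

```python
import os
from pathlib import PureWindowsPath

# Constructed sample listings (placeholder names, not from a real host).
# LOCAL_VIEW: what the suspect machine reports about its own volume.
# OFFLINE_VIEW: the same volume listed from another machine.
LOCAL_VIEW = [
    "WINNT\\system32\\cmd.exe",
    "WINNT\\system32\\drivers",
    "WINNT\\system32\\drivers\\tcpip.sys",
]
OFFLINE_VIEW = [
    "winnt/system32/cmd.exe",
    "winnt/system32/drivers",
    "winnt/system32/drivers/tcpip.sys",
    "winnt/system32/EXAMPLE_HIDDEN",
    "winnt/system32/EXAMPLE_HIDDEN/example_ftp.exe",
    "winnt/system32/example_hidden.ini",
]

def list_tree(root):
    """Return every file and directory under root, relative to root,
    exactly as the OS running this script reports them."""
    found = set()
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            found.add(os.path.relpath(os.path.join(dirpath, name), root))
    return found

def _fold(paths):
    """Map a case-folded, backslash-separated key to the original spelling,
    because Windows file names compare case-insensitively."""
    return {str(PureWindowsPath(p)).lower(): p for p in paths}

def hidden_from_local(local_paths, offline_paths):
    """Paths present in the offline view but absent from the local view.
    A missing directory is reported once, not once per child."""
    local, offline = _fold(local_paths), _fold(offline_paths)
    roots = []
    for key in sorted(k for k in offline if k not in local):
        if not any(key.startswith(r + "\\") for r in roots):
            roots.append(key)
    return [offline[k] for k in roots]

if __name__ == "__main__":
    for path in hidden_from_local(LOCAL_VIEW, OFFLINE_VIEW):
        print("present offline, missing locally:", path)
```

Files created or deleted between the two listings also appear as differences, so take both listings close together and review each hit before acting on it.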
 