Security Basics: RE: Question for all

RE: Question for all

From: Bob Walker <bobwalker8_at_comcast.net>
Date: Sun, 3 Aug 2003 23:54:05 -0500

Hamish

While I am a huge fan of the msconfig utility in Windows machines, it
doesn't work in Win2K. Doesn't even exist. My advice would be to go
the safe mode route, as you suggested. Another possible avenue (for
advanced users only though) would be to go to Administrative Tools,
Computer Management, and remove the offending service there.

Bob

-----Original Message-----
From: KoRe MeLtDoWn [mailto:koremeltdown_at_hotmail.com]
Sent: Friday, August 01, 2003 2:44 PM
To: Jeffrey.Flory2_at_LACKLAND.AF.MIL; security-basics_at_securityfocus.com;
incidents_at_securityfocus.com
Subject: Re: Question for all

Hi there Jeffery,
Backdoor.Trojan is a generic term used by Norton to identify any trojan or
suspected trojan that does not have specific information on their dat
database, but contains trojan-like signatures.
Have you tried booting into safe mode and removing the trojan? Also, try
clicking your start button, then run and type msconfig. Take the trojan out
of the "bootup/Startup (one of the two)" tab.
The reason you delete it in safemode is because Windows only starts
essential services while in safe mode - it will not start your trojan horse
unless it is REALLY smart, which I'm sure it isn't...

Give that a go, and good luck,

Hamish Stanaway

Absolute Web Hosting / -= KoRe WoRkS =- Internet Security Owner/Operator
Auckland New Zealand

http://www.webhosting.net.nz
http://www.buywebhosting.co.nz
http://www.koreworks.com

>From: Flory D Jeffrey Contractor 59MDSS/MSISI
><Jeffrey.Flory2_at_LACKLAND.AF.MIL>
>To: security-basics_at_securityfocus.com, incidents_at_securityfocus.com
>CC: Flory D Jeffrey Contractor 59MDSS/MSISI
><Jeffrey.Flory2_at_LACKLAND.AF.MIL>
>Subject: Question for all
>Date: Fri, 1 Aug 2003 09:22:51 -0500
>
>A friend of mine recently went from Windows ME to Win2K, but now he has
>a trojan on his computer. He is running Norton Anti-virus, and it will
>not clean it off, it will only quarantine it. The affliction is:
>Backdoor.Trojan, and it has placed a hidden folder on his hard drive
>called: Payload.Dat. He cannot get rid of it. We have tried doing a search
>on the internet for some kind of information pertaining to this, but we had no
>luck. We also tried all the antiviral websites but they do not have a tool
>for this.
>
>My question is: Has anyone ever heard of this, and if so, how do you
>clean it off.
>
>Thanks in advance for any assistance, anyone can provide.
>
>Jeff
Received on Aug 04 2003