
Security Basics mailing list archives

Re: Reply: Hacked again???
From: Vijay Vikram <karpagamekapali () gmail com>
Date: Mon, 27 Jun 2005 12:36:38 +0530

More information on the "good" processes running in the computer -
DLLs and EXEs can be seen in


If the process is not listed in here, we can also run the


to find the veracity of the same.

Finally, as Yu Haitao David pointed out, a HijackFix scan will yield
results to remove the "bad" stuff.


On 6/16/05, Yu Haitao David <davidyu () tencent com> wrote:
Check via googling...

winproc.exe   ---- from http://www.trojaner-board.de/showthread.php?t=2153,
it must be a browser hijacker; use spyware tools to remove it.

Rpcservice.exe    ------ no useful information, but from its name, must be
an RPC server/client. Mostly used in many trojans.

msnmsgr.exe  ------- if you are sure that it is NOT from Microsoft,
it IS the malicious process.

What could the combination of these three do? Hm, if they are really working
together, your PC might be trojaned or zombied, maybe totally controlled by
someone else.

You may solve this in the following steps:

1. using spyware removal tools, such as HijackThis, to check the registry,
delete obviously suspicious entries, especially in RUN;
2. reboot to Safe Mode, delete those files listed;
3. using some browser fixing tools, such as TweakUI, to restore your

Hope it helped.

From: Mauricio Fernandez [mailto:mfernandez () fdta-valles org]
Sent: June 15, 2005 6:20
To: security-basics () securityfocus com
Subject: Hacked again???


I am not sure, but I think that I was hacked again.

I have a w2k SP4 fully patched box with KerioFirewall, and this morning I
found three running processes on it:

The last one is not the Messenger from Microsoft…

I googled those file names, but all I found was in Japanese/Hebrew or
Does anyone know of some attack with this three-file combination?


Mauricio Fernández S.
IT Manager
Tel. 591- 445-25160
Fax. 591- 441-15056
mfernandez () fdta-valles org
Cochabamba - Bolivia
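
The checks discussed in this thread (autostart "RUN" entries, and whether msnmsgr.exe is really from Microsoft), as an added example that is not part of the original messages. It assumes a current Windows host with PowerShell 4 or later rather than the Windows 2000 box in the thread; only the three file names come from the posts, and the function names are hypothetical.

```powershell
# Added example. Assumes a current Windows host with PowerShell 4 or later.
# The three names come from the thread; nothing else here is from the posters.
$suspectNames = 'winproc.exe', 'rpcservice.exe', 'msnmsgr.exe'

# Autostart keys, the "RUN" entries mentioned in step 1 of the quoted reply.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunEntry {
    # Emit one object per value under each autostart key that exists.
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = [string]$item.GetValue($name)
            }
        }
    }
}

function Get-ImageReport {
    # Signature status, signer and hash of an executable on disk.
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    [pscustomobject]@{
        Path      = $Path
        Signature = $sig.Status
        Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        SHA256    = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    }
}

# Autostart entries whose command line mentions one of the names.
Get-RunEntry | Where-Object {
    $cmd = $_.Command
    $suspectNames | Where-Object { $cmd -like "*$_*" }
} | Format-List

# Running processes with those image names, with signer and hash for each.
Get-Process | Where-Object { $_.Path -and ($suspectNames -contains (Split-Path $_.Path -Leaf)) } |
    ForEach-Object { Get-ImageReport -Path $_.Path } | Format-List
```

Run it from an elevated prompt so that process paths are readable; a file named msnmsgr.exe with no valid signature is the case the reply above treats as malicious.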
