mailing list archives
Re: 答复: Hacked again???
From: Vijay Vikram <karpagamekapali () gmail com>
Date: Mon, 27 Jun 2005 12:36:38 +0530
More information on the "good" processess running in the computer -
DLLs and EXEs can be seen in
If the process is not listed in here , we can also run the
to find the veracity of the same.
Finally as Yu Haitao David pointed , a HijackFix scan will yeild
results to remove the "bad" stuff
On 6/16/05, Yu Haitao David <davidyu () tencent com> wrote:
check via googling...
winproc.exe ---- from http://www.trojaner-board.de/showthread.php?t=2153,
it must be a brwoser hijacker, use spyware tools to remove it
Rpcservice.exe ------ no useful information, but from its name, must be
RPC server/client. mostly used in many trojans
msnmsgr.exe ------- if you are soure of that it is NOT from microsoft,
it IS the malicious process.
what these three combination could do? hm, if they are really worked
together, your PC might be trojaned or zombied, maybe totally controlled by
you may solve this in the following steps:
1. using spyware removing tools, such as HijackThis, to check registry,
delete obvious suspecious entry. especially in RUN;
2. reboot to Safe Mode, delete those files listed;
3. using some browser fixing tools, such as TweakUI, to restore your
hope it helped.
发件人: Mauricio Fernandez [mailto:mfernandez () fdta-valles org]
发送时间: 2005年6月15日 6:20
收件人: security-basics () securityfocus com
主题: Hacked again???
I am not sure, but I think that I was hacked again.
I have a w2k SP4 full patched box with KerioFirewall, and this morning I
found three running process on it:
The last one it is not the Messenger from Microsoft…
I google those file names, but all I found was in Japanese/Hebrew or
Does anyone know some attack with this three files combination?
Mauricio Fernández S.
Tel. 591- 445-25160
Fax. 591- 441-15056
mfernandez () fdta-valles org
Cochabamba - Bolivia
Re: Hacked again??? Christoph 'knurd' Jeschke (Jun 17)