Full Disclosure mailing list archives

RE: New Win32 Worm regsvc32.exe offers rootkit features
From: "Aditya, ALD [Aditya Lalit Deshmukh]" <aditya.deshmukh () online gateway technolabs net>
Date: Wed, 31 Mar 2004 09:32:33 +0530

Looks like IRC Backdoor
check registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run and delete 
entry with regsvc32.exe
(such as Registration Service = "regsvc32.exe")
Do the same with 

The port 1025 is good used for binding the task scheduler, is this doing something with the task scheduler? There are plenty of naughty things to do there ....


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
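
A read-only check for the Run-key entry named in the message above, as an added example that is not part of the original post: it parses the output of `reg query` for that key and lists values whose command starts `regsvc32.exe`. The sample output is constructed and the function names are this example's own; the image name is matched exactly, so the legitimate `regsvr32.exe` is not flagged.

```python
import re

# Constructed sample of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`
# output; only the "Registration Service" entry comes from the message above.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Registration Service    REG_SZ    regsvc32.exe
    Updater Helper    REG_SZ    "C:\WINDOWS\System32\REGSVC32.EXE" -q
    ComHelper    REG_SZ    regsvr32.exe /s C:\WINDOWS\system32\example.dll
    TrayApp    REG_EXPAND_SZ    %ProgramFiles%\Example Vendor\tray.exe /min
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")
QUOTED = re.compile(r'^\s*"([^"]+)"')
UNQUOTED_EXE = re.compile(r"^\s*(.+?\.exe)(?=\s|$)", re.IGNORECASE)


def image_name(command):
    """Return the lower-cased file name of the program a Run command starts."""
    m = QUOTED.match(command) or UNQUOTED_EXE.match(command)
    path = m.group(1) if m else (command.split() or [""])[0]
    return re.split(r"[\\/]", path)[-1].lower()


def parse_run_values(reg_query_output):
    """Yield (value name, type, data) for each value line of `reg query` output."""
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            yield m.group("name"), m.group("type"), m.group("data").strip()


def find_entries(reg_query_output, image="regsvc32.exe"):
    """Return Run values whose command launches the named image (exact match)."""
    return [(name, data) for name, _type, data in parse_run_values(reg_query_output)
            if image_name(data) == image.lower()]


if __name__ == "__main__":
    for name, data in find_entries(SAMPLE):
        print(f"review and remove: {name!r} -> {data}")
```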
