Security Incidents: Re: W2K Compromise

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Security Incidents mailing list archives

Re: W2K Compromise - PipeCmdSrv

From: Corey Coblentz <burts_tacopalace () hotmail com>
Date: 11 Mar 2003 01:43:16 -0000

In-Reply-To: <20021021121930.70633.qmail () web20504 mail yahoo com>

I got nailed by this, and managed to get rid of it by killing the 
systask.exe process it seems to hide behind and just remove mIRC via 
add/remove.
It seemed to get the LEGACY_PIPECMDSRV registry entry, and I couldn't find 
it on my system (not to say it's not still there).

Gotta stop being as lazy about security...

----------------------------------------------------------------------------

<Pre>Lose another weekend managing your IDS?
Take back your personal time.
15-day free trial of StillSecure Border Guard.</Pre>
<A href="http://www.securityfocus.com/stillsecure";> http://www.securityfocus.com/stillsecure </A>

By Date By Thread

Current thread:

Re: W2K Compromise - PipeCmdSrv Corey Coblentz (Mar 11)