In the autoexec.nt, maybe?
Also ... sysinternals.com ... you can run psshutdown on your machine and
*possibly* shutdown the remote box ... a la:
Psshutdown -t 50 -m "YOUR SERVER IS INFECTED, CLEAN IT!" -f
\\InfectedServersIP
... <no -r should do a shutdown, with a -r it is a restart ... >
Thanks!
TJ
-----Original Message-----
From: Marshal [mailto:marshal_at_marshal-soft.com]
Sent: Friday, November 09, 2001 8:08 AM
To: Lincoln Yeoh
Cc: Robert Freeman; foob_at_return0.net; supergate_at_twlc.net;
vuln-dev_at_securityfocus.com
Subject: Re: Shutting down windows NT remotely (without winnt
toolkit)?
Lincoln Yeoh wrote:
> At 12:06 AM 05-11-2000 -0800, Robert Freeman wrote:
>
>>A reboot is helpful unless the NT box is not password protected or has an
>>agent to automatically enter the password upon startup. Until an admin
shows
>>up the box is basically useless.
>>
>
> AFAIK the services still start after a reboot. So the trojaned box still
> scans the whole internet.
I don't for NT but a 'echo your box has a trojan' 'pause' in
autoexec.bat would do the trick on a windows 95/98 machine..probably
something similair is possible on NT?
--
grt, marshal
[ url : http://www.startplaza.nu | security news & links ]
[ url : http://www.heknet.com | security news & exploits ]
*****************************************************************************
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized.
If you are not the intended recipient, any disclosure, copying, distribution
or any action taken or omitted to be taken in reliance on it, is prohibited
and may be unlawful. When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions expressed in
the governing KPMG client engagement letter.
*****************************************************************************
Received on Nov 10 2001
Intro
