Re: Pdmin / Trojaned csrss.exe
- To: [EMAIL PROTECTED]
- Subject: Re: Pdmin / Trojaned csrss.exe
- From: Jason Alexander <[EMAIL PROTECTED]>
- Date: Mon, 04 Aug 2003 11:30:28 -0500
- In-reply-to: <[EMAIL PROTECTED]>
- References: <[EMAIL PROTECTED]>
Hello,
I just mailed out the csrss.exe binary to everyone who asked for it. If
anyone else would like this just let me know. I have what we believe to
be the complete kit.
Jason
Jason Alexander wrote:
Hello all,
We're seeing some machines compromised because of the RPC/DCOM issues where
they didn't get patched in time.
One thing we are finding is a program running on port 6651 that identifies
itself as pAdmin - by: pdi in a web browser. This interface has a place
for a password.
The program is run by a trojan csrss.exe in C:\winnt\system32\restore and
is installed at the same time an FTP server is installed. I did a strings
on the csrss.exe but turned up nothing that worked as a password. Can
anyone tell me more about this program or what it might be? Or the
password?
Our virus scanners don't seem to detect it but there is something called
Backdoor.Padmin that is listed in Norton's database. But very little
information is given.
Thanks
Jason Alexander
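
Added example, not part of the original thread: a triage check for the two indicators reported above, a csrss.exe image running from outside system32 and a listener on TCP port 6651. The process table and netstat lines are constructed sample data, and the PID column assumes `netstat -ano` style output and a system root of C:\WINNT.

```python
import ntpath

# Indicators taken from the message above.
SUSPECT_PORT = 6651
SYSTEM_BINARY = "csrss.exe"
# Assumption: %SystemRoot% is C:\WINNT, matching the path in the message.
EXPECTED_DIR = r"c:\winnt\system32"

# Constructed sample data (not from a real host): pid -> image path.
SAMPLE_PROCESSES = {
    168: r"C:\WINNT\system32\csrss.exe",
    1204: r"C:\winnt\system32\restore\csrss.exe",
    1310: r"C:\WINNT\system32\svchost.exe",
}
# Constructed lines in "netstat -ano" layout (assumed format).
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:135      0.0.0.0:0    LISTENING    1310
  TCP    0.0.0.0:6651     0.0.0.0:0    LISTENING    1204
  TCP    10.0.0.5:139     0.0.0.0:0    LISTENING    4
"""

def misplaced_system_binaries(processes):
    """Return PIDs whose image is named csrss.exe but lives outside system32."""
    hits = []
    for pid, path in sorted(processes.items()):
        directory, name = ntpath.split(ntpath.normcase(path))
        if name == SYSTEM_BINARY and directory != EXPECTED_DIR:
            hits.append(pid)
    return hits

def listeners_on(netstat_text, port):
    """Return PIDs that own a LISTENING TCP socket on the given port."""
    pids = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "LISTENING":
            if fields[1].rsplit(":", 1)[-1] == str(port):
                pids.append(int(fields[4]))
    return pids

def triage(processes, netstat_text):
    """Correlate both indicators; a PID matching both is the strongest hit."""
    misplaced = set(misplaced_system_binaries(processes))
    listening = set(listeners_on(netstat_text, SUSPECT_PORT))
    return {"misplaced": sorted(misplaced), "listening": sorted(listening),
            "both": sorted(misplaced & listening)}

if __name__ == "__main__":
    print(triage(SAMPLE_PROCESSES, SAMPLE_NETSTAT))
```

Matching on the image path rather than the process name alone is what separates the legitimate csrss.exe (PID 168 in the sample) from the copy in the restore directory.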