lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <B7C2C6BA798F3C4DBDD78BEDC1F8AD57017599D3@nycmb01.law.sullcrom.com>
From: dowlingg at sullcrom.com (Dowling, Gabrielle)
Subject: Mystery DNS Changes

I haven't seen anything that indicates the hosts file and registry files have changed from those originally described.  Aolfix will be gone when you look since it deletes itself after doing the other changed.

Some of the registry keys that were discussed on this list previously are guids for nics that would of course vary.  Symantec has full info, and also a removal tool that will at least help with the registy entries.

This self removal aspect of qhostsis rather a nasty, and should be noted.  We had one av workstation detection today due to the temporary internet files haing an affected hta file, but given that we clear those on restart and that the exeutable deletes itself, av is probably of no help for already affectewd boxes, so we'll have to implement other things to check that.

G  

 -----Original Message-----
From: 	Mike O'Connor
Sent:	Fri Oct 03 20:14:48 2003
To:	full-disclosure@...ts.netsys.com
Subject:	RE: [Full-Disclosure] Mystery DNS Changes

I have the described behaviour when visiting google.com, but have
neither the aolfix.exe nor registry entries, on my XP box.  Where would
one find the registry entry for the current DNS(s)?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html



**********************************************************************
This e-mail is sent by a law firm and contains information
that may be privileged and confidential. If you are not the 
intended recipient, please delete the e-mail and notify us 
immediately. 
***********************************************************************


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ