Message-ID: <Law12-F84eFJ1i4Pl9L0005ab67@hotmail.com>
From: axid3j1al at hotmail.com (axid3j1al axid3j1al)
Subject: Removal?



>From: "Schmehl, Paul L" <pauls@...allas.edu>
>To: "axid3j1al axid3j1al" <axid3j1al@...mail.com>,   
><full-disclosure@...ts.netsys.com>
>Subject: RE: [Full-Disclosure] Removal?
>Date: Tue, 3 Feb 2004 14:02:29 -0600
>
> > -----Original Message-----
> > From: full-disclosure-admin@...ts.netsys.com
> > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of
> > axid3j1al axid3j1al
> > Sent: Tuesday, February 03, 2004 12:03 AM
> > To: full-disclosure@...ts.netsys.com
> > Subject: [Full-Disclosure] Removal?
> >
> >
> > How do I delete the virus that is not detectable by norton av (latest
> > definitions)
> >
>http://housecall.antivirus.com/
> >
> > but has the files
> > c:\windows\system32\f~q\fag.exe
> > c:\windows\system32\f~q\usr_crt.dll
> >
> > i.e. what program do I kill to do an attrib -h -r -s *.* ; del. ?
> >

Good Idea.

But did not work.

usr_crtl.dll won't unregister and fag.exe is not in the process list.



>regsvr32 /u c:\windows\system32\f~q\usr_crt.dll
>del c:\windows\system32\f~q\usr_crt.dll
>Ctrl-Alt-Del/Task Manager/Processes
>Locate fag.exe and End Process
>
>Get your AV software up to date and keep it that way.
>Go to Windows Update and patch to current.

Norton is fully patched to current as is windows update.

Current versions of adaware, spybot (search & Destroy) or norton found any
trace of the trojan.
Even when pointed directly at that directory. Anything else that recognises
this?

>
>Paul Schmehl (pauls@...allas.edu)
>Adjunct Information Security Officer
>The University of Texas at Dallas
>AVIEN Founding Member
>http://www.utdallas.edu/~pauls/
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
