Open Source and information security mailing list archives
 
Message-ID: <ELEOLHOJFMBPBFCJHOCIMEEIDPAA.aditya.deshmukh@online.gateway.technolabs.net>
From: aditya.deshmukh at online.gateway.technolabs.net (Aditya, ALD [Aditya Lalit Deshmukh])
Subject: New Win32 Worm regsvc32.exe offers rootkit features


> 
> 
> Looks like IRC Backdoor
> check registry:
> HKLM\Software\Microsoft\Windows\CurrentVersion\Run and delete 
> entry with regsvc32.exe
> (such as Registration Service = "regsvc32.exe")
> Do the same with 
> HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices


the port 1025 is good used for binding the task scheduler, is this doing something with the task scheduler?  there are plenty of naughty things to do there ....

-aditya
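
The registry check described in the quoted text above, as an added example that is not part of the original thread. The function name `Find-Regsvc32Autostart` and its parameters are hypothetical; the two key paths and the file name come from the message.

```powershell
# Added example: audit the two autostart keys named in the quoted message for
# values whose data references regsvc32.exe. It only reports by default and
# deletes a value only when -Remove is given (supports -WhatIf / -Confirm).
# Note: the pattern matches regsvc32.exe, not the legitimate regsvr32.exe.
function Find-Regsvc32Autostart {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$Pattern = 'regsvc32\.exe',   # file name from the thread
        [switch]$Remove
    )

    $keys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
    )

    foreach ($key in $keys) {
        # RunServices may not exist on a given system; skip missing keys.
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read the raw data so %VAR% paths are shown as stored.
            $data = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            if ($data -notmatch $Pattern) { continue }

            # Emit a record first so there is a trace of what was found.
            [pscustomobject]@{ Key = $key; Name = $name; Data = $data }

            # The unnamed (default) value is reported but never removed here.
            if ($Remove -and $name -and
                $PSCmdlet.ShouldProcess("$key\$name", 'Remove autostart value')) {
                Remove-ItemProperty -LiteralPath $key -Name $name
            }
        }
    }
}

# Report only; run from an elevated prompt and add -Remove -WhatIf to preview deletions.
Find-Regsvc32Autostart
```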



