lists.openwall.net - Open Source and information security mailing list archives
Message-ID: <e92364c30409021454197d6f0f@mail.gmail.com>
From: jftucker at gmail.com (James Tucker)
Subject: win2kup2date.exe ?

<snippage>

Hi all,

   A recommendation for anyone in this situation: try using a copy of
BartPE (http://www.nu2.nu/pebuilder/) and McAfee to detect the files.
I have watched one of these variants actively attack a copy of Norton
Antivirus. Furthermore, the worm in question which I observed started
to hide its executables on parts of the disk it flagged as "damaged",
and Windows began to report this information. Ad-aware was also
installed on the machine, and after the fight began, Ad-aware was also
corrupted on the disk. At this time there is no way to verify whether this
was truly caused by the infection, although, as there was no genuine
corruption found after we cleaned the disk, I suspect that what I am
suggesting is accurate.

BartPE has the ability to run Ad-Aware and McAfee from a cleanly
booted OS (booted from CD) and will mount all NTFS drives on the local
system. Those of you lucky enough to have supported network cards can
get network access too. This is what I use as a last line of recovery
for systems with heavy infection loads. Be warned that some malware /
viruses are placing themselves in portions of the OS that sometimes
need replacing later. Of the two common ones, one is fixed by "sfc /scannow" and
the other is fixed by repairing the TCP/IP stack using the netsh
command. Windows 2000 is more difficult and I can't remember the fixes
off the top of my head. After this level of infection, where
appropriate I would still recommend a format anyway.

Good luck with your recoveries,

J.

P.S. If read at any time, thank you to Bart and Co. This is one of the
most useful projects you have done; your bootdisks have been a
long-standing toolset in my collection.
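The two post-cleanup repair steps the message names (restoring protected system files with "sfc /scannow" and rebuilding the TCP/IP stack with netsh) collected into one logged batch script. This is an added example, not code from the original post or from the BartPE project. It assumes it is run from an Administrator command prompt on the cleaned Windows XP system after the offline scan has finished (not from inside BartPE), that the Windows CD or the local service-pack cache is available for sfc, and that the Winsock reset command is present (it was introduced with XP SP2); the log file paths are constructed for the example.

```batch
@echo off
REM post-clean-repair.bat (added example, not part of the original post)
REM Run as Administrator on the cleaned system, then reboot.
setlocal
set "LOG=%SystemDrive%\post-clean-repair.txt"
echo === Repair run started %DATE% %TIME% === >> "%LOG%"

REM Step 1: verify protected system files against the cache / install media.
REM sfc may prompt for the Windows CD if a replacement file is not cached.
echo Running sfc /scannow (this may ask for the Windows CD)...
sfc /scannow
echo sfc /scannow exit code: %ERRORLEVEL% >> "%LOG%"

REM Step 2: rebuild the TCP/IP stack registry keys.
REM netsh writes the keys it touched to the log file given as argument.
netsh int ip reset "%SystemDrive%\netsh-ip-reset.txt"
echo netsh int ip reset exit code: %ERRORLEVEL% >> "%LOG%"

REM Step 3: reset the Winsock catalog (XP SP2 or later; assumption about availability).
netsh winsock reset >> "%LOG%" 2>&1
echo netsh winsock reset exit code: %ERRORLEVEL% >> "%LOG%"

REM Step 4: record the resulting network configuration for comparison after reboot.
ipconfig /all >> "%LOG%" 2>&1

echo === Repair run finished %DATE% %TIME% === >> "%LOG%"
echo Done. Review "%LOG%" and "%SystemDrive%\netsh-ip-reset.txt", then reboot.
endlocal
```

Keep the two log files: the sfc exit code shows whether file replacement succeeded, and the netsh reset log lists exactly which TCP/IP registry keys were rewritten, which is useful when deciding whether the machine is trustworthy enough to skip the format the message recommends as the safer option.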
