
RE: [Full-Disclosure] New Win32 Worm regsvc32.exe offers rootkit features




> Looks like IRC Backdoor
> check registry:
> HKLM\Software\Microsoft\Windows\CurrentVersion\Run and delete 
> entry with regsvc32.exe
> (such as Registration Service = "regsvc32.exe")
> Do the same with 
> HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices


Port 1025 is commonly used for binding the task scheduler; is this doing 
something with the task scheduler? There are plenty of naughty things to do 
there ....

-aditya
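
The registry check from the quoted message, written out as a PowerShell script. This is an added example, not part of the original thread; the parameter names `Pattern` and `Remove` are made up for illustration. It lists values under the two keys named in the post whose data references regsvc32.exe, and deletes them only when `-Remove` is given and each prompt is confirmed.

```powershell
# Added example: audit the two autostart keys named in the post.
# Read-only by default; -Remove prompts before deleting each match.
param(
    [string]$Pattern = 'regsvc32\.exe',   # file name taken from the post (regex)
    [switch]$Remove                        # hypothetical switch: delete after review
)

$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
)

foreach ($path in $keys) {
    # A key that does not exist on this host is reported and skipped.
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Host "absent: $path"
        continue
    }

    $key = Get-Item -LiteralPath $path
    foreach ($name in $key.GetValueNames()) {
        # Read the raw data so %VAR% references are shown unexpanded.
        $data = $key.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
        if ("$data" -notmatch $Pattern) { continue }

        # Emit the match so it can be logged or exported before any change.
        [pscustomobject]@{ Key = $path; Name = $name; Data = $data }

        if ($Remove -and $name) {
            # Requires an elevated session; -Confirm asks for each value.
            Remove-ItemProperty -LiteralPath $path -Name $name -Confirm
        }
        elseif ($Remove) {
            Write-Warning "Match in the unnamed default value of $path; review it by hand."
        }
    }
}
```

Deleting the autostart value only stops the file from launching at boot; the running process and the file on disk still have to be dealt with separately.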

