Re: W2K Compromise - PipeCmdSrv

From: Corey Coblentz (burts_tacopalaceat_private)
Date: Mon Mar 10 2003 - 17:43:16 PST


    
    In-Reply-To: <20021021121930.70633.qmailat_private>
    
    I got nailed by this, and managed to get rid of it by killing the 
    systask.exe process it seems to hide behind and just removing mIRC via 
    add/remove.
    It seemed to get the LEGACY_PIPECMDSRV registry entry, and I couldn't find 
    it on my system (not to say it's not still there).
    
    Gotta stop being as lazy about security...
    
    



    This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 08:34:38 PST