Re: Windows 2k rootkit incident, files zipped for your pleasure.

From: John Ives (jivesat_private)
Date: Thu Jun 12 2003 - 12:58:59 PDT


    If you don't mind me asking... how did you identify these files (e.g. what 
    tools, etc.)?
    
    I have a Windows hard drive that was rooted, and I've found some of the 
    files from Linux (only having basic Unix skills, I wouldn't know how to go 
    too much farther), but I've been unable to find all of them.  I would 
    dearly love to find the install/original file, but in the meantime I would 
    settle for the ini/config files, which might tell me if I have missed any of 
    the others.  The rootkit has elements of the Hacker Defender rootkit, but 
    seems to have gone even farther.
    
    Yours,
    
    John
    
    
    At 11:57 AM 6/12/2003 -0400, Drew Weaver wrote:
    >     Hi, with the help of Karl Levinson I was able to detect the presence of
    >a rootkit on one of my Windows 2000 servers. I was able to grab the files
    >and zip them, so maybe we can watch for this stuff in the future. I'm not
    >sure if this rootkit has a particular name or whatnot; you can get the
    >files here:
    >
    >http://www.soul-fu.com/beenhaxxored.zip
    >
    >Thanks Karl.
    >
    >-Drew
    
    -------------------------------------------------
    John Ives, GCWN
    Systems Administrator
    College of Chemistry
    (510) 643-1033
    
    "If you spend more on coffee than on IT security,  Then you will be hacked. 
    What's more,  you deserve to be hacked."   - Richard Clarke
    
    Any opinions expressed are my own and not those of the Regents of the 
    University of California. 
    
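John's question, how to find the rest of a Hacker Defender-style rootkit's files from a Linux box with the Windows disk mounted, is the kind of thing a short triage script answers. What follows is an added example, not code from this thread, from hxdef, or from anyone quoted above. It walks a read-only mounted Windows volume, normalizes every candidate line the way I recall the hxdef100 ini parser did (the characters `| < > : \ / "` are ignored, except in the [Startup Run], [Free Space] and [Hidden Ports] sections; that character set, the exemption list and the section names are all assumptions recalled from the hxdef100 readme, not taken from this page), flags any file carrying several of hxdef's section headers regardless of its name or extension, and then prints the hidden-name entries, which is exactly the list to reconcile against what the volume shows. Both sample configs are constructed for the demo.

```python
"""Triage a read-only mounted Windows volume for Hacker Defender (hxdef) style
INI configs. Added example; not from the list thread, hxdef or its authors."""
import os
import sys
import tempfile
from typing import Dict, List, Tuple

# Assumption (recalled from the hxdef100 readme): the parser ignored these
# characters, which is why its shipped ini could read [H<<<idden T>>a/"ble] and
# still mean [Hidden Table]. A scan has to normalize the same way to match.
IGNORED_CHARS = '|<>:\\/"'
_STRIP = str.maketrans("", "", IGNORED_CHARS)

# Assumption (also recalled): section names, and which sections were exempt
# from the character stripping because their entries carry paths and ports.
NORMALIZED_SECTIONS = ("Hidden Table", "Hidden Processes", "Root Processes",
                       "Hidden Services", "Hidden RegKeys", "Hidden RegValues",
                       "Settings")
RAW_SECTIONS = ("Startup Run", "Free Space", "Hidden Ports")
KNOWN = {s.lower(): s for s in NORMALIZED_SECTIONS + RAW_SECTIONS}


def normalize(line: str) -> str:
    """Drop the ignored characters so an obfuscated line equals its plain form."""
    return line.translate(_STRIP).strip()


def parse_hxdef_ini(text: str) -> Dict[str, List[str]]:
    """Return {section: [entries]} for every hxdef section present in an INI body.

    Entries of the name sections are the file, process, service and registry
    names the rootkit hides: the list to compare against the mounted volume.
    """
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        header = normalize(raw)
        if header.startswith("[") and header.endswith("]"):
            current = KNOWN.get(header[1:-1].strip().lower())
            if current is not None:
                sections.setdefault(current, [])
            continue
        if current is None:
            continue
        entry = raw.strip() if current in RAW_SECTIONS else normalize(raw)
        if entry:
            sections[current].append(entry)
    return sections


def scan_tree(root: str, min_sections: int = 3,
              max_bytes: int = 65536) -> List[Tuple[str, List[str]]]:
    """Walk a mounted volume and flag files whose INI sections match hxdef's.

    Extensions are ignored on purpose, since the config is routinely renamed;
    requiring several matching sections keeps ordinary .ini files out.
    """
    hits: List[Tuple[str, List[str]]] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes).decode("latin-1")
            except OSError:
                continue
            found = list(parse_hxdef_ini(data))
            if len(found) >= min_sections:
                hits.append((path, found))
    return sorted(hits)


# Constructed sample written in hxdef's obfuscated style (not a captured config).
CONSTRUCTED_HXDEF_INI = """\
[H<<<idden T>>a/"ble]
>h"xdef"*
r|c<md\\.ex<e
[:\\:R:o:o\\:t: :P:r>:o:c<:e:s:s:e:s:]
hxdef*
[<Hi>dden Ser<vi>ces]
Ha<ck>erDef<ender>*
[Se/ttings]
Pass"word=constructed
"""

# Constructed benign file with one INI-style section; must not be flagged.
CONSTRUCTED_BENIGN_INI = "[.ShellClassInfo]\nIconResource=shell32.dll,3\n"


def demo() -> List[Tuple[str, List[str]]]:
    """Lay the constructed files out in a temp dir and scan it like a mount."""
    with tempfile.TemporaryDirectory() as mount:
        sysdir = os.path.join(mount, "WINNT", "system32")
        os.makedirs(sysdir)
        with open(os.path.join(sysdir, "rdriv.sys"), "w") as fh:  # renamed config
            fh.write(CONSTRUCTED_HXDEF_INI)
        with open(os.path.join(mount, "desktop.ini"), "w") as fh:
            fh.write(CONSTRUCTED_BENIGN_INI)
        return [(os.path.relpath(p, mount), s) for p, s in scan_tree(mount)]


if __name__ == "__main__":
    # With a mount point as argument, scan it; otherwise run the constructed demo.
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, found in results:
        print(path, found)
    for section, entries in parse_hxdef_ini(CONSTRUCTED_HXDEF_INI).items():
        print(f"[{section}] {entries}")
```

Mount the drive read-only before scanning (a `ro` NTFS mount is enough; nothing here writes to it), then run the script with the mount point as its argument. Treat a hit's [Hidden Table] and [Hidden Services] entries as wildcard patterns: each one names something that was invisible on the live system and should now be visible on the offline copy, so any pattern with no matching file or service is a candidate for a component still unaccounted for.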
    This archive was generated by hypermail 2b30 : Thu Jun 12 2003 - 13:29:50 PDT