In-Reply-To: <5.2.0.9.2.20030612105515.020e77b8@localhost>

Hi,

Isn't this Hacker Defender v0.7.3 with modified filenames and some utils added? The syntax of *.ini is exactly the same anyway....

Cheers,
Kalle

>If you don't mind me asking... how did you identify these files (e.g. what
>tools, etc.).
>
>I have a Windows hard drive that was rooted, and I've found some of the
>files from Linux (only having basic unix skills, I wouldn't know how to go
>too much farther), but I've been unable to find all of them. I would
>dearly love to find the install/original file, but in the meantime I would
>settle for the ini/config files which might tell me if I have missed any of
>the others. The root kit has elements of the Hacker Defender rootkit, but
>seems to have gone even farther.
>
>Yours,
>
>John
>
>
>At 11:57 AM 6/12/2003 -0400, Drew Weaver wrote:
>> Hi, with the help of Karl Levinson I was able to detect the presence of
>>a rootkit on one of my Windows 2000 servers, I was able to grab the files
>>and zip them, so maybe we can watch for this stuff in the future, I'm not
>>sure if this rootkit has a particular name or whatnot, you can get the
>>files here:
>>
>>http://www.soul-fu.com/beenhaxxored.zip
>>
>>Thanks Karl.
>>
>>-Drew
>
>-------------------------------------------------
>John Ives, GCWN
>Systems Administrator
>College of Chemistry
>(510) 643-1033
>
>"If you spend more on coffee than on IT security, Then you will be hacked.
>What's more, you deserve to be hacked." - Richard Clarke
>
>Any opinions expressed are my own and not those of the Regents of the
>University of California.
This archive was generated by hypermail 2b30 : Fri Jun 13 2003 - 13:30:41 PDT