It appears as if a valid name for it is MfXP and it appears somewhat popular in Warez groups. Most of the files in your provided zip (thanks for posting it) appear to be renamed versions of popular utilities from Sysinternals, Foundstone, ntsecurity.nu and MS Reskit.

It's kinda funny, in searching for "MFXP" in CopernicPro I came across a fair # of hits that were apparently Warez sites that had since been cleaned by the respective net admins.

Regards,
Dan Perez

-----Original Message-----
From: Drew Weaver [mailto:drewat_private]
Sent: Thursday, June 12, 2003 8:57 AM
To: incidentsat_private
Subject: Windows 2k rootkit incident, files zipped for your pleasure.

Hi, with the help of Karl Levinson I was able to detect the presence of a rootkit on one of my Windows 2000 servers. I was able to grab the files and zip them, so maybe we can watch for this stuff in the future. I'm not sure if this rootkit has a particular name or what/not. You can get the files here:

http://www.soul-fu.com/beenhaxxored.zip

Thanks Karl.
-Drew
This archive was generated by hypermail 2b30 : Fri Jun 13 2003 - 13:31:57 PDT