In the autoexec.nt, maybe? Also ... sysinternals.com ... you can run psshutdown on your machine and *possibly* shutdown the remote box ... a la: Psshutdown -t 50 -m "YOUR SERVER IS INFECTED, CLEAN IT!" -f \\InfectedServersIP ... <no -r should do a shutdown, with a -r it is a restart ... > Thanks! TJ -----Original Message----- From: Marshal [mailto:marshal@marshal-soft.com] Sent: Friday, November 09, 2001 8:08 AM To: Lincoln Yeoh Cc: Robert Freeman; foobat_private; supergateat_private; vuln-devat_private Subject: Re: Shutting down windows NT remotely (without winnt toolkit)? Lincoln Yeoh wrote: > At 12:06 AM 05-11-2000 -0800, Robert Freeman wrote: > >>A reboot is helpful unless the NT box is not password protected or has an >>agent to automatically enter the password upon startup. Until an admin shows >>up the box is basically useless. >> > > AFAIK the services still start after a reboot. So the trojaned box still > scans the whole internet. I don't for NT but a 'echo your box has a trojan' 'pause' in autoexec.bat would do the trick on a windows 95/98 machine..probably something similair is possible on NT? -- grt, marshal [ url : http://www.startplaza.nu | security news & links ] [ url : http://www.heknet.com | security news & exploits ] ***************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. When addressed to our clients any opinions or advice contained in this email are subject to the terms and conditions expressed in the governing KPMG client engagement letter. *****************************************************************************
This archive was generated by hypermail 2b30 : Fri Nov 09 2001 - 22:10:44 PST