My recent run-in with a couple of backdoor trojans...

Posted: 2004-05-26 01:43pm
by EmperorMing
Noticed on the one computer I use for downloading that an additional browser window would open when I opened my homepage, which clued me in that something was not right. Soooo I go and check the startup list and find these little gems in my system32 folder:

msiexec16.exe
realupd.exe
vujokic.exe
msrexe.exe
ntdll.exe

The netstat -a command also pointed to a connection to 65.75.181.110; whoever owns that domain has a bunch of spammer/scammer sites registered to it (courtesy of whois.com).

During the required surgery to remove them I also noticed that my admin password was changed. Fucker!! :evil:

Long story short, they're all gone for now and the system is updated. I'm sure Einey will have fun with this one.