Date: Tue, 25 Nov 2008 16:39:23 -0800
Well, I feel all grown up now. Had to deal with a root kit.
The symptoms are the DNS server was replaced with
85.255.112.189
85.255.112.113
When I looked up the IP address, the location was in the Ukraine. Given that it was east of Jersey, I figured nothing good could come from it. :-)
Every time I tried to change it, it came back. I deleted the adapter, cleaned the registry several times, and it would come back.
With a little sleuthing I was able to find a tool to detect the root kit and remove it.
The files removed were..
c:\documents and settings\Sharon\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\resycled
c:\resycled\boot.com
c:\windows\system32\dccbdf3_d.dll
c:\windows\system32\kdbaw.exe
c:\windows\system32\winsusrm.dll
c:\windows\system32\winsusrx.dll
Now keep in mind, since it was a root kit, I could not see the C:\resycled directory.
Scary stuff, the hackers are getting more sophisticated thanks to Sony.
-Craig
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *