waddler - second opinion on DDS log
Comments
-
Initial look through suggests this was on it - http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Worm%3AWin32%2FMorto.A
What have they been able to tell you about it - Are they running a game server?
c:\program files\Anti CSDoS by Shocker
c:\\Documents and Settings\\Administrator\\Desktop\\HLDS By freeshmanny\\hlds.exe
There's that much crap on it it's hard to tell if it's hacked or not.
-
good spot, that....

Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
-
> Initial look through suggests this was on it - http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?name=Worm%3AWin32%2FMorto.A
> What have they been able to tell you about it - Are they running a game server?
> c:\program files\Anti CSDoS by Shocker
> c:\\Documents and Settings\\Administrator\\Desktop\\HLDS By freeshmanny\\hlds.exe
> There's that much crap on it it's hard to tell if it's hacked or not.
^^^ my thoughts exactly about the carp
It's not a gameserver, it's one of a small office (clinic) network that the guy put together himself, with some help from the software package providers (database, booking system, etc.). When I saw the AntiCSDoS and read up on it, it was sort of feasible that they could have been trying to use it to protect their systems, albeit misguided....
edit: that page you linked to was a different one to the one I found, mine was less specific about gaming servers.
Don't recognise that worm name, but when I get a chance later I'll pull up t'other couple that I've already removed, for reference
Cheers for the extra eyes on this one......
-
I've since removed that dodgy AVG directory, looking at a couple of the notepad files in there, funny old thing at least 2 of the names in the list were those used for the newly-created user accounts, so, hacked?? I think so....
-
I was just in the process of posting this when you replied.
How do they explain HLDS.exe in the firewall exceptions?
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Administrator\\Desktop\\HLDS By freeshmanny\\hlds.exe"=
Everything points to this being hacked. I'd wipe it and check any others on the network.
-
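As an added triage helper (not code from the thread), this Python script parses a DDS-style dump of the XP Windows Firewall exception list and flags authorised applications that sit in user-writable locations such as the Desktop or a Temp directory; the sample log and the "trusted"/"suspicious" path heuristics are constructed assumptions, with only the hlds.exe entry mirroring the thread.

```python
import re

# Constructed sample of a DDS-style firewall exception dump; only the hlds.exe line mirrors the thread.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\Administrator\\Desktop\\HLDS By freeshmanny\\hlds.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Enabled:Remote Assistance"
"C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\svc.exe"="C:\\Documents and Settings\\Administrator\\Local Settings\\Temp\\svc.exe:*:Enabled:svc"
'''

# Assumed heuristics: a legitimate authorised binary lives under Windows or Program Files, not in a profile dir.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\desktop\\", "\\temp\\")

# Key part of a registry export line: "<path>"=  (backslashes inside are escaped as \\).
ENTRY_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=')

def parse_exceptions(log_text):
    """Return the application paths listed under AuthorizedApplications\\List."""
    paths = []
    in_list = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_list = line.lower().endswith("authorizedapplications\\list]")
            continue
        m = ENTRY_RE.match(line) if in_list else None
        if m:
            # Registry exports double every backslash; collapse them back to single ones.
            paths.append(m.group(1).replace("\\\\", "\\"))
    return paths

def classify(path):
    """'suspicious' for user-writable locations, 'trusted' for system dirs, else 'review'."""
    p = path.lower()
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        return "suspicious"
    if p.startswith(TRUSTED_PREFIXES):
        return "trusted"
    return "review"

def triage(log_text):
    """Map each authorised application path to its verdict."""
    return {path: classify(path) for path in parse_exceptions(log_text)}

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_LOG).items():
        print(f"{verdict:10s} {path}")
```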
We've got a worm that "allows unauthorized access to an affected computer"
We've got a game server (HLDS)
We've got HelloVNC (hidden) "With this program you can easily find vulnerable vnc server"
We've got DUBrute "Hacking tool used for brute forcing passwords." Sophos
We've got Anti CSDoS by Shocker "Provide your Half-Life Dedicated server with protection from CSDoS and Born to be pig exploit."
On a clinic's computer?
Enough evidence to say it's been hacked I'd say. Someone's been having fun with it. Possibility of compromised personal data too?
-
> We've got a worm that "allows unauthorized access to an affected computer"
> We've got a game server (HLDS)
> We've got HelloVNC (hidden) "With this program you can easily find vulnerable vnc server"
> We've got DUBrute "Hacking tool used for brute forcing passwords." Sophos
> We've got Anti CSDoS by Shocker "Provide your Half-Life Dedicated server with protection from CSDoS and Born to be pig exploit."
> On a clinic's computer?
> Enough evidence to say it's been hacked I'd say. Someone's been having fun with it. Possibility of compromised personal data too?
yer not wrong mate....not good at all....
-
Ey up waddler...just for completeness these were t'other two trojans I'd binned off this machine:-
http://www.threatexpert.com/files/bin.exe.html many names for this one
http://www.threatexpert.com/report.aspx?md5=b79bbf9aa8c225c3a2327e408d75a854
I'm in the process of putting the guy a report together detailing why he should wipe this one and start afresh....
-
> I'm in the process of putting the guy a report together detailing why he should wipe this one and start afresh....
I like to clean PCs where I can instead of wiping & rebuilding, but sometimes it's the best option - this being one of those cases. Someone has had remote access to it.
Initially, if this had been a teenage gamer cum wannabe hax0r, then the programs on it wouldn't have surprised me, but as it stands they definitely shouldn't have been on there.
-
I suspect, after the deeper reading you pointed out, that maybe someone's been remotely using it for extra oomph for their games hosting, botnet-style....b@st@rds......
This discussion has been closed.