Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > incidents > 03 > 040955.html (Request Expert securityfocus.com Support)

Re: Logon.dll? Possible root-kit?

From: Nick Jacobsen <nick(at)ethicsdesign.com>
Date: Wed Apr 02 2003 - 23:29:21 EST

I will be packaging all the suspect files I find into a rar and putting them on my site. Should be sometime tomarrow morning. At that time, I'll go ahead and send a link to them. Thanks for the help with offers to RE them...

Nick Jacobsen
Ethics Design
nick@ethicsdesign.com

  • Original Message ----- From: "Exurity Debugs" <exbugs@rogers.com> To: "Nick Jacobsen" <nick@ethicsdesign.com> Sent: Wednesday, April 02, 2003 8:24 PM Subject: RE: Logon.dll? Possible root-kit?

> Could you get a copy of them and kindly send to me to reverse?
>
> Peter Huang
> http://members.rogers.com/exurity/
> Executable Security
called
> in till well after the incident, and they did not have any logs from the
a
> file called logon.dll in the winnt\system32 directory, that was NOT made
by
> microsoft, and two, that inetsrv (internet information services) does not
machine
> as well. The file name was r_bot.dll, and it connected to irc.choopa.net, 

--

> Powerful Anti-Spam Management and More...




----------------------------------------------------------------------------
Powerful Anti-Spam Management and More...
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.securityfocus.com/SurfControl-incidents
Received on Thu Apr 3 19:30:27 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:01 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library