Solved

Win2k - How to remove trojan

Posted on 2003-11-26
6
1,447 Views
Last Modified: 2013-12-04
Greetings,

   I believe one of my win2k has been attacked by a trojan. This trojan listen and accept connection on port 8080. When we try to connect to this port (8080) via browser, it return the following :

220 h4xore's Server ready for leeching... 530 Not logged in. 530 Not logged in. 530 Not logged in. 530 Not logged in. 331 User name okay, need password. 530 Not logged in. 530 Not logged in. 421 Maximum session time exceeded - closing.

Question 1 : May i know how to remove this trojan ? I suspect this trojan running in win2k services... Is it any command can list out all the  services that is listening for a connection ?

Thanks & regards,
Kok Choon.
0
Comment
Question by:kokchoon78
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 24

Assisted Solution

by:shivsa
shivsa earned 100 total points
ID: 9823275
0
 
LVL 4

Author Comment

by:kokchoon78
ID: 9823298
Thanks for the hyperlinks... may i know which one is the best ? or recommended ? or trusted ?
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9823344
go with
Trojan Remover :http://www.simplysup.com/
this got 4 star. and very trusted.

also u can run online scanner from
http://security.symantec.com/ which is everyone know trusted
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 24

Expert Comment

by:shivsa
ID: 9823371
For spyware checking and/or removal:
An EXCELLENT source for SpyBot Search & Destroy (SBSD) ...
http://www.lurkhere.com
<Nice Files>

Install, then immediately ...
<Online>
<Update> then ...
<Check for Problems> then ...
<Fix Selected Problems>
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 100 total points
ID: 9824162
Use trojan remover to see if that would solve the issue..

Also use Hijackthis and it would give you a log file.
Post the log file here and we would be abe to figure out the culprit ..

Sunray
0
 
LVL 13

Accepted Solution

by:
Gnart earned 300 total points
ID: 9825886
Your system has been hacked (h4xore's) and is being used (may be) for posting file for others to download (leeching).  Basically you are being used as a FTP site.  Locate the service that is running and shut it down...... It may have been renamed.

1) check the services to see if anything is unusual and shut down that service.
2) check the registry for run of the module and remove it.

I have to run out now.  I will follow up on this one.... But I think the information that I provided will give you enough leads to look for and remove it.... if possible email me the module for analysis and collection.

cheers
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
OfficeMate Freezes on login or does not load after login credentials are input.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question