Solved

Win2k - How to remove trojan

Posted on 2003-11-26
6
1,439 Views
Last Modified: 2013-12-04
Greetings,

   I believe one of my win2k has been attacked by a trojan. This trojan listen and accept connection on port 8080. When we try to connect to this port (8080) via browser, it return the following :

220 h4xore's Server ready for leeching... 530 Not logged in. 530 Not logged in. 530 Not logged in. 530 Not logged in. 331 User name okay, need password. 530 Not logged in. 530 Not logged in. 421 Maximum session time exceeded - closing.

Question 1 : May i know how to remove this trojan ? I suspect this trojan running in win2k services... Is it any command can list out all the  services that is listening for a connection ?

Thanks & regards,
Kok Choon.
0
Comment
Question by:kokchoon78
6 Comments
 
LVL 24

Assisted Solution

by:shivsa
shivsa earned 100 total points
ID: 9823275
0
 
LVL 4

Author Comment

by:kokchoon78
ID: 9823298
Thanks for the hyperlinks... may i know which one is the best ? or recommended ? or trusted ?
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9823344
go with
Trojan Remover :http://www.simplysup.com/
this got 4 star. and very trusted.

also u can run online scanner from
http://security.symantec.com/ which is everyone know trusted
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 24

Expert Comment

by:shivsa
ID: 9823371
For spyware checking and/or removal:
An EXCELLENT source for SpyBot Search & Destroy (SBSD) ...
http://www.lurkhere.com
<Nice Files>

Install, then immediately ...
<Online>
<Update> then ...
<Check for Problems> then ...
<Fix Selected Problems>
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 100 total points
ID: 9824162
Use trojan remover to see if that would solve the issue..

Also use Hijackthis and it would give you a log file.
Post the log file here and we would be abe to figure out the culprit ..

Sunray
0
 
LVL 13

Accepted Solution

by:
Gnart earned 300 total points
ID: 9825886
Your system has been hacked (h4xore's) and is being used (may be) for posting file for others to download (leeching).  Basically you are being used as a FTP site.  Locate the service that is running and shut it down...... It may have been renamed.

1) check the services to see if anything is unusual and shut down that service.
2) check the registry for run of the module and remove it.

I have to run out now.  I will follow up on this one.... But I think the information that I provided will give you enough leads to look for and remove it.... if possible email me the module for analysis and collection.

cheers
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now