Solved

Win2k - How to remove trojan

Posted on 2003-11-26
Last Modified: 2013-12-04
Greetings,

   I believe one of my win2k machines has been attacked by a trojan. This trojan listens and accepts connections on port 8080. When we try to connect to this port (8080) via browser, it returns the following:

220 h4xore's Server ready for leeching... 530 Not logged in. 530 Not logged in. 530 Not logged in. 530 Not logged in. 331 User name okay, need password. 530 Not logged in. 530 Not logged in. 421 Maximum session time exceeded - closing.

Question 1: May I know how to remove this trojan? I suspect this trojan is running in win2k services... Is there any command that can list out all the services that are listening for a connection?

Thanks & regards,
Kok Choon.
0
Question by:kokchoon78
6 Comments
 
LVL 24

Assisted Solution

by:shivsa
shivsa earned 100 total points
ID: 9823275
0
 
LVL 4

Author Comment

by:kokchoon78
ID: 9823298
Thanks for the hyperlinks... May I know which one is the best? Or recommended? Or trusted?
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9823344
Go with
Trojan Remover: http://www.simplysup.com/
This got 4 stars and is very trusted.

Also you can run an online scanner from
http://security.symantec.com/ which everyone knows is trusted.
0

 
LVL 24

Expert Comment

by:shivsa
ID: 9823371
For spyware checking and/or removal:
An EXCELLENT source for SpyBot Search & Destroy (SBSD) ...
http://www.lurkhere.com
<Nice Files>

Install, then immediately ...
<Online>
<Update> then ...
<Check for Problems> then ...
<Fix Selected Problems>
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 100 total points
ID: 9824162
Use Trojan Remover to see if that would solve the issue.

Also use HijackThis and it would give you a log file.
Post the log file here and we would be able to figure out the culprit.

Sunray
0
 
LVL 13

Accepted Solution

by:
Gnart earned 300 total points
ID: 9825886
Your system has been hacked (h4xore's) and is being used (maybe) for posting files for others to download (leeching).  Basically you are being used as an FTP site.  Locate the service that is running and shut it down... It may have been renamed.

1) check the services to see if anything is unusual and shut down that service.
2) check the registry for run of the module and remove it.

I have to run out now.  I will follow up on this one... But I think the information that I provided will give you enough leads to look for and remove it... If possible, email me the module for analysis and collection.

cheers
0
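
The two checks from the accepted answer (find the service behind the listener, then look for a registry autorun entry that starts the same module), as an added PowerShell example that is not part of the original thread. It assumes Windows 8 / Server 2012 or later and an elevated prompt, which is newer than the Windows 2000 system in the question; port 8080 is the port from the question.

```powershell
# Added example: triage of an unexpected TCP listener.
# Assumption: Windows 8 / Server 2012 or later, elevated PowerShell session.
param([int]$Port = 8080)   # 8080 is the port reported in the question

# 1. Which process owns the listening socket?
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if (-not $listeners) {
    Write-Output "Nothing is listening on TCP port $Port."
    return
}

foreach ($procId in ($listeners.OwningProcess | Sort-Object -Unique)) {
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
    Write-Output "Port $Port is owned by PID $procId ($($proc.Name))"
    Write-Output "  Image path  : $($proc.ExecutablePath)"
    Write-Output "  Command line: $($proc.CommandLine)"

    # 2. Is that process a Windows service? A renamed service still
    #    shows the real binary in PathName.
    Get-CimInstance Win32_Service -Filter "ProcessId = $procId" |
        Select-Object Name, DisplayName, StartMode, State, PathName |
        Format-List

    # 3. Does a Run/RunOnce value start the same binary?
    if (-not $proc.ExecutablePath) { continue }
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            # Literal, case-insensitive match (avoids wildcard characters in paths)
            if ($data.IndexOf($proc.ExecutablePath,
                    [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
                Write-Output "  Autorun: $key -> $valueName = $data"
            }
        }
    }
}
```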


Question has a verified solution.
