Solved

Win2k - How to remove trojan

Posted on 2003-11-26
6
1,443 Views
Last Modified: 2013-12-04
Greetings,

   I believe one of my win2k has been attacked by a trojan. This trojan listen and accept connection on port 8080. When we try to connect to this port (8080) via browser, it return the following :

220 h4xore's Server ready for leeching... 530 Not logged in. 530 Not logged in. 530 Not logged in. 530 Not logged in. 331 User name okay, need password. 530 Not logged in. 530 Not logged in. 421 Maximum session time exceeded - closing.

Question 1 : May i know how to remove this trojan ? I suspect this trojan running in win2k services... Is it any command can list out all the  services that is listening for a connection ?

Thanks & regards,
Kok Choon.
0
Comment
Question by:kokchoon78
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 24

Assisted Solution

by:shivsa
shivsa earned 100 total points
ID: 9823275
0
 
LVL 4

Author Comment

by:kokchoon78
ID: 9823298
Thanks for the hyperlinks... may i know which one is the best ? or recommended ? or trusted ?
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9823344
go with
Trojan Remover :http://www.simplysup.com/
this got 4 star. and very trusted.

also u can run online scanner from
http://security.symantec.com/ which is everyone know trusted
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 24

Expert Comment

by:shivsa
ID: 9823371
For spyware checking and/or removal:
An EXCELLENT source for SpyBot Search & Destroy (SBSD) ...
http://www.lurkhere.com
<Nice Files>

Install, then immediately ...
<Online>
<Update> then ...
<Check for Problems> then ...
<Fix Selected Problems>
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 100 total points
ID: 9824162
Use trojan remover to see if that would solve the issue..

Also use Hijackthis and it would give you a log file.
Post the log file here and we would be abe to figure out the culprit ..

Sunray
0
 
LVL 13

Accepted Solution

by:
Gnart earned 300 total points
ID: 9825886
Your system has been hacked (h4xore's) and is being used (may be) for posting file for others to download (leeching).  Basically you are being used as a FTP site.  Locate the service that is running and shut it down...... It may have been renamed.

1) check the services to see if anything is unusual and shut down that service.
2) check the registry for run of the module and remove it.

I have to run out now.  I will follow up on this one.... But I think the information that I provided will give you enough leads to look for and remove it.... if possible email me the module for analysis and collection.

cheers
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Current IT security breaches/attacks in banking 2 131
Most secure Linux or x86 Unix that are least prone to ransomware/malware 24 142
Compromised PC? 17 250
SCSM reports export 1 50
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
OfficeMate Freezes on login or does not load after login credentials are input.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

735 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question