Solved

Win2k - How to remove trojan

Posted on 2003-11-26
6
1,434 Views
Last Modified: 2013-12-04
Greetings,

   I believe one of my win2k has been attacked by a trojan. This trojan listen and accept connection on port 8080. When we try to connect to this port (8080) via browser, it return the following :

220 h4xore's Server ready for leeching... 530 Not logged in. 530 Not logged in. 530 Not logged in. 530 Not logged in. 331 User name okay, need password. 530 Not logged in. 530 Not logged in. 421 Maximum session time exceeded - closing.

Question 1 : May i know how to remove this trojan ? I suspect this trojan running in win2k services... Is it any command can list out all the  services that is listening for a connection ?

Thanks & regards,
Kok Choon.
0
Comment
Question by:kokchoon78
6 Comments
 
LVL 24

Assisted Solution

by:shivsa
shivsa earned 100 total points
ID: 9823275
0
 
LVL 4

Author Comment

by:kokchoon78
ID: 9823298
Thanks for the hyperlinks... may i know which one is the best ? or recommended ? or trusted ?
0
 
LVL 24

Expert Comment

by:shivsa
ID: 9823344
go with
Trojan Remover :http://www.simplysup.com/
this got 4 star. and very trusted.

also u can run online scanner from
http://security.symantec.com/ which is everyone know trusted
0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 24

Expert Comment

by:shivsa
ID: 9823371
For spyware checking and/or removal:
An EXCELLENT source for SpyBot Search & Destroy (SBSD) ...
http://www.lurkhere.com
<Nice Files>

Install, then immediately ...
<Online>
<Update> then ...
<Check for Problems> then ...
<Fix Selected Problems>
0
 
LVL 49

Assisted Solution

by:sunray_2003
sunray_2003 earned 100 total points
ID: 9824162
Use trojan remover to see if that would solve the issue..

Also use Hijackthis and it would give you a log file.
Post the log file here and we would be abe to figure out the culprit ..

Sunray
0
 
LVL 13

Accepted Solution

by:
Gnart earned 300 total points
ID: 9825886
Your system has been hacked (h4xore's) and is being used (may be) for posting file for others to download (leeching).  Basically you are being used as a FTP site.  Locate the service that is running and shut it down...... It may have been renamed.

1) check the services to see if anything is unusual and shut down that service.
2) check the registry for run of the module and remove it.

I have to run out now.  I will follow up on this one.... But I think the information that I provided will give you enough leads to look for and remove it.... if possible email me the module for analysis and collection.

cheers
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now