RE: OT : Please Help Security Guys ! (Backdoor issue)

From: Joseph L. Brunner <joe_at_affirmedsystems.com>
Date: Mon, 26 Apr 2010 15:33:45 -0400

Using a Mac OSX computer or Ubuntu is unfortunately the only real solution to viruses

However, I have had some success this past weekend (if you can call it that) with Avast for Windows XP / 7 cleaning up the current miserable strain of Vundo Virus...

The Avast Free edition was able to detect and remove many viruses that Trend/Symantec was not able to...
Finally I used Hijackthis (from Trend now) to delete some weird files like koakijiu.dll in the windows\system32 directory.
I used Hijackthis > tools to delete them before the pc starts.

Then when I logged in explorer said "Rundll32.exe koakijiu.dll" error....

Hopefully this will be the decade where the world moves away from operating systems to network operating systems on all client PCs.... this virus stuff is pretty much where it was 10 years ago... no improvement.

-Joe

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Edouard Zorrilla
Sent: Monday, April 26, 2010 12:53 PM
To: security_at_groupstudy.com
Cc: ccielab_at_groupstudy.com
Subject: OT : Please Help Security Guys ! (Backdoor issue)

Hi,

Here we are facing an issue with a backdoor that uses HTTPS to send information
from machines to the internet (Turkey and Denmark - 78.189.194.126,
93.160.202.224). The issue is that we have cleaned these machines with every
antivirus we know, but the machines keep sending HTTPS traffic and we do not know
how to get at the application (backdoor) that is sending our
information to Turkey and Denmark. These machines are already isolated.

Do you know a Windows tool with which I can find out which application is using a
specific destination protocol? I mean, WinMail.exe sends POP3 and SMTP to the
internet; now I need to know which application is sending HTTPS traffic to the
Internet from these machines.

Thanks a lot,

Warm regards
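The tool Edouard asks for, as an added example that is not part of this thread: on Windows XP/7, `netstat -ano` lists every connection with the PID that owns it, and `tasklist` maps PIDs to image names, so joining the two answers "which application is talking HTTPS to those hosts". The script below does that join. The netstat and tasklist text it parses is constructed sample output, not captured from the poster's machines; the two IP addresses are the ones named in the question, and port 443 stands for HTTPS.

```python
"""Join `netstat -ano` and `tasklist` output to name the process behind HTTPS connections."""
from typing import Dict, List, Tuple

SUSPECT_HOSTS = {"78.189.194.126", "93.160.202.224"}  # hosts named in the question
HTTPS_PORT = "443"

# Constructed sample of `netstat -ano` output (not from the poster's machines).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       876
  TCP    192.168.1.20:1057      93.160.202.224:443     ESTABLISHED     1492
  TCP    192.168.1.20:1060      78.189.194.126:443     SYN_SENT        1492
  TCP    192.168.1.20:1061      10.0.0.5:110           ESTABLISHED     2204
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    1188
"""

# Constructed sample of `tasklist` output; image names (e.g. rundll32.exe) are illustrative.
TASKLIST_SAMPLE = """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0         24 K
System                           4 Services                   0        312 K
svchost.exe                    876 Services                   0      5,112 K
lsass.exe                     1188 Services                   0      3,040 K
rundll32.exe                  1492 Console                    1      6,880 K
WinMail.exe                   2204 Console                    1     22,144 K
"""


def split_endpoint(endpoint: str) -> Tuple[str, str]:
    """Split 'host:port' into (host, port); handles IPv6 '[::]:445' and the UDP '*:*' form."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port


def parse_netstat(text: str) -> List[dict]:
    """Parse `netstat -ano` rows. TCP rows carry a State column, UDP rows do not,
    so the PID is always taken from the last token."""
    rows = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0] not in ("TCP", "UDP"):
            continue  # blank line, 'Active Connections', or the column header
        remote_host, remote_port = split_endpoint(tokens[2])
        rows.append({"proto": tokens[0], "local": tokens[1],
                     "remote_host": remote_host, "remote_port": remote_port,
                     "state": tokens[3] if tokens[0] == "TCP" else "",
                     "pid": int(tokens[-1])})
    return rows


def parse_tasklist(text: str) -> Dict[int, str]:
    """Parse `tasklist` into {pid: image name}. Image names may contain spaces
    ('System Idle Process'), so fields are read from the right:
    ... <pid> <session name> <session#> <mem> K"""
    procs: Dict[int, str] = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 6 or not tokens[-5].isdigit():
            continue  # header, separator, or blank line
        procs[int(tokens[-5])] = " ".join(tokens[:-5])
    return procs


def find_https_talkers(netstat_text: str, tasklist_text: str,
                       suspects=SUSPECT_HOSTS, port: str = HTTPS_PORT) -> Dict[int, dict]:
    """Return {pid: {"image": name, "remotes": [...]}} for every process with a
    connection to the HTTPS port or to one of the suspect hosts."""
    procs = parse_tasklist(tasklist_text)
    hits: Dict[int, dict] = {}
    for row in parse_netstat(netstat_text):
        if row["remote_port"] != port and row["remote_host"] not in suspects:
            continue  # e.g. WinMail.exe's POP3 session is left alone
        entry = hits.setdefault(row["pid"], {"image": procs.get(row["pid"], "<unknown>"),
                                             "remotes": []})
        entry["remotes"].append(f'{row["remote_host"]}:{row["remote_port"]} {row["state"]}'.strip())
    for entry in hits.values():
        entry["remotes"].sort()
    return hits


if __name__ == "__main__":
    for pid, info in find_https_talkers(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items():
        print(pid, info["image"], info["remotes"])
```

On the isolated machine, `netstat -ano > n.txt` and `tasklist > t.txt` produce the two inputs. Two caveats a responder would want: netstat is a snapshot, so repeat it until the beacon is actually in flight; and a hit on a host process such as rundll32.exe or svchost.exe only names the container, so the next step is `tasklist /m` (or `netstat -b` from an administrator prompt on XP SP2 and later, which prints the owning executable directly) to see which DLL that PID has loaded.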

Received on Mon Apr 26 2010 - 15:33:45 ART

This archive was generated by hypermail 2.2.0 : Sat May 01 2010 - 09:49:57 ART