RE: OT : Please Help Security Guys ! (Backdoor issue)

From: <Charles.Henson_at_regions.com>
Date: Mon, 26 Apr 2010 14:40:06 -0500

One of the higher ranked products out there is MSE (Microsoft Security
Essentials). It is free if you are running legit M$ software and does a
pretty good job. You could also get the virus total uploader which sends a
hash of files you download (manually) to a central site for validating
against several AV programs. I agree with Joseph that OSX or Linux is
better but they're not clear these days either.

Charles Henson

From: "Joseph L. Brunner" <joe_at_affirmedsystems.com>
To: Edouard Zorrilla <ezorrilla_at_tsf.com.pe>, "security_at_groupstudy.com" <security_at_groupstudy.com>
Cc: "ccielab_at_groupstudy.com" <ccielab_at_groupstudy.com>
Date: 04/26/2010 02:36 PM
Subject: RE: OT : Please Help Security Guys ! (Backdoor issue)

Using a Mac OSX computer or Ubuntu is unfortunately the only real solution
to viruses

However, I have had some success this past weekend (if you can call it
that) with Avast for Windows XP / 7 cleaning up the current miserable
strain of Vundo Virus...

The Avast Free edition was able to detect and remove many viruses that
Trend/Symantec was not able to...
Finally I used Hijackthis (from Trend now) to delete some weird files like
koakijiu.dll in the windows\system32 directory.
I used Hijackthis > Tools to delete them before the PC starts.

Then when I logged in explorer said "Rundll32.exe koakijiu.dll" error....

Hopefully this will be the decade where the world moves away from operating
systems to network operating systems on all client pcs.... this virus stuff
is pretty much where it was 10 years ago... no improvement.

-Joe

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Edouard Zorrilla
Sent: Monday, April 26, 2010 12:53 PM
To: security_at_groupstudy.com
Cc: ccielab_at_groupstudy.com
Subject: OT : Please Help Security Guys ! (Backdoor issue)

Hi,

Here we are facing an issue with a backdoor that uses https to send
information from machines to the internet (Turkey and Denmark - 78.189.194.126,
93.160.202.224). The issue is that we have cleaned these machines with all
the antivirus we know, but the machines keep sending https traffic and we do not
know how to find the application (backdoor) that is sending our information
to Turkey and Denmark. These machines are already isolated.

Do you know a Windows tool with which I can see which application is using a
specific destination protocol? I mean, WinMail.exe sends pop3 and smtp to the
internet; now I need to know which application is sending https traffic to
the Internet from these machines.

Thanks a lot,

Warm regards
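Editor's note, added to this archived thread and not part of any of the posts above: the question Edouard asks (which local process owns the outbound https connections to 78.189.194.126 and 93.160.202.224) is answered on Windows by mapping each established TCP connection to its owning PID. On the XP/7 machines of the era the built-in way is `netstat -b -n -o` from an elevated prompt; the script below does the same mapping with `Get-NetTCPConnection`, which exists on Windows 8 / Server 2012 and later, and then lists the loaded modules of any matching process, because a backdoor that runs as a DLL inside rundll32.exe or svchost.exe (as Joe's "Rundll32.exe koakijiu.dll" error suggests) will not show up as its own process name. The function name, parameter names and the default port are this example's own choices; the two IP addresses are the ones from the original post.

```powershell
# Added example (not from the thread). Requires an elevated PowerShell session
# on Windows 8 / Server 2012 or later for Get-NetTCPConnection; on XP/7 use
# "netstat -b -n -o" instead, which prints the owning executable and PID.
function Find-OutboundProcess {
    param(
        # Destinations from Edouard's post; override with -RemoteAddress as needed.
        [string[]]$RemoteAddress = @('78.189.194.126', '93.160.202.224'),
        # https by default; pass 0 to match every port.
        [int]$RemotePort = 443
    )

    Get-NetTCPConnection -State Established, SynSent |
        Where-Object {
            ($RemotePort -eq 0 -or $_.RemotePort -eq $RemotePort) -and
            ($RemoteAddress -contains $_.RemoteAddress)
        } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                RemoteAddress = $_.RemoteAddress
                RemotePort    = $_.RemotePort
                State         = $_.State
                PID           = $_.OwningProcess
                ProcessName   = if ($proc) { $proc.ProcessName } else { '<exited>' }
                Path          = if ($proc) { $proc.Path } else { $null }
            }
        }
}

# Step 1: which process talks to the suspect hosts over https?
$hits = Find-OutboundProcess
$hits | Format-Table -AutoSize

# Step 2: a legitimate-looking owner (rundll32.exe, svchost.exe, explorer.exe)
# is not conclusive; list its loaded DLLs and flag ones that have no
# Authenticode signature, since injected or dropped modules usually do not.
foreach ($hit in $hits | Sort-Object PID -Unique) {
    Write-Host "`nModules loaded in PID $($hit.PID) ($($hit.ProcessName)):"
    Get-Process -Id $hit.PID -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Modules -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FileName -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Module    = $_.ModuleName
                Path      = $_.FileName
                Signature = if ($sig) { $sig.Status } else { 'Unknown' }
            }
        } |
        Where-Object { $_.Signature -ne 'Valid' } |
        Format-Table -AutoSize
}
```

Run it while the machine is still isolated but with the network cable attached to a monitoring segment, because the connection has to be open (or in SYN_SENT, which the filter also accepts) at the moment the snapshot is taken; a backdoor that beacons briefly may need the script run in a loop or the traffic correlated from a packet capture taken at the same time. An unsigned DLL in system32 with a random-looking name, loaded by an otherwise signed host process, is the kind of finding that points to the dropped component rather than the process that merely carries it.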

Received on Mon Apr 26 2010 - 14:40:06 ART
