Re: OT : Please Help Security Guys ! (Backdoor issue)

From: Edouard Zorrilla <ezorrilla_at_tsf.com.pe>
Date: Mon, 26 Apr 2010 15:19:11 -0700

Hi,

I found the issue: explorer.exe was sending information to Turkey and
Denmark using https. Do you know how to see if explorer.exe has been
cracked? Maybe I can edit it with a binary tool.

Thanks

----- Original Message -----
From: "Andrey Tarasov" <andyvt_at_gmail.com>
To: <Charles.Henson_at_regions.com>
Cc: "Edouard Zorrilla" <ezorrilla_at_tsf.com.pe>; <ccielab_at_groupstudy.com>;
<nobody_at_groupstudy.com>; <security_at_groupstudy.com>
Sent: Monday, April 26, 2010 10:07 AM
Subject: Re: OT : Please Help Security Guys ! (Backdoor issue)

> Hi Edouard,
>
> "netstat -ab" is your friend.
>
> Regards,
> Andrey.
>
>> Hi,
>>
>> Here we are facing an issue with a backdoor that uses https to send
>> information from machines to the internet (Turkey and Denmark:
>> 78.189.194.126, 93.160.202.224). The issue is that we have cleaned these
>> machines with all the antivirus we know, but the machines keep sending
>> https traffic and we do not know how to find the application (backdoor)
>> that is sending our information to Turkey and Denmark. These machines are
>> already isolated.
>>
>> Do you know a Windows tool so that I can find which application is using
>> a specific destination protocol? I mean, WinMail.exe sends pop3 and smtp
>> to the internet; now I need to know which application is sending https
>> traffic to the Internet from these machines.
>>
>> Thanks a lot,
>>
>> Warm regards
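
One way to do what Andrey suggests, and to check the file Edouard asks about, as an added example that is not part of this thread: a PowerShell script that lists established HTTPS connections with their owning process and verifies the Authenticode signature and SHA-256 of that process's image on disk. It assumes Windows 8 / Server 2012 or later (the NetTCPIP module's Get-NetTCPConnection), PowerShell 4.0 or later for Get-FileHash, and an elevated prompt so process paths are readable; the two watch-list addresses are the ones quoted in the thread.

```powershell
# Added example, not from the thread: a PowerShell take on "netstat -ab"
# that maps established outbound connections to the owning process and
# checks the binary on disk. Watch-list addresses are the two from the mail.
$WatchList = @('78.189.194.126', '93.160.202.224')

function Get-OutboundConnectionReport {
    param(
        [int[]]$RemotePort = @(443),   # HTTPS only, as in the question
        [string[]]$Watch   = $WatchList
    )
    Get-NetTCPConnection -State Established |
        Where-Object { $RemotePort -contains $_.RemotePort } |
        ForEach-Object {
            $conn = $_
            $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
            $path = if ($proc) { $proc.Path } else { $null }
            $sig  = $null
            $hash = $null
            if ($path -and (Test-Path -LiteralPath $path)) {
                # Authenticode check of the image file. A patched or replaced
                # explorer.exe shows HashMismatch or NotSigned instead of Valid.
                $sig  = (Get-AuthenticodeSignature -FilePath $path).Status
                # SHA-256 to compare against the same file on a known-clean
                # machine of the same Windows build.
                $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $path).Hash
            }
            [pscustomobject]@{
                Pid         = $conn.OwningProcess
                Process     = if ($proc) { $proc.ProcessName } else { '<exited>' }
                Path        = $path
                Remote      = "$($conn.RemoteAddress):$($conn.RemotePort)"
                OnWatchList = $Watch -contains $conn.RemoteAddress
                Signature   = $sig
                SHA256      = $hash
            }
        }
}

# Watch-list hits first; run repeatedly, since the backdoor may connect in bursts.
Get-OutboundConnectionReport |
    Sort-Object OnWatchList -Descending |
    Format-Table -AutoSize
```

A Valid signature vouches only for the file on disk: if the traffic is attributed to a genuine explorer.exe, the likely cause is code injected into the running process (or a malicious DLL it loads), so the next step is to inspect that process's loaded modules rather than to edit the executable.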

Received on Mon Apr 26 2010 - 15:19:11 ART

This archive was generated by hypermail 2.2.0 : Sat May 01 2010 - 09:49:57 ART