Forum » Operacijski sistemi » Trojan W32.IRCBot.F
Trojan W32.IRCBot.F
Tear_DR0P ::
V službi smo dobl na server (WinXP SP2) tega trojanca, na ostale računalnike pa E različico. Težava je ker je strežnik zablokiran, mi ga pa ne smemo resetirat, ker na njem potekajo eni ključni procesi, ki se ne smejo prekint.
Symantec link pravi naslednje o trojancu.
Trojac nam je onemogoču dostop do task managerja, da bi se dal pogledat procese in sprostit RAM. Ker je en program na strežniku zanič, se občasno zacikla in zapolni RAM, mi pa bi ga radi sprostil. Kako ubijem proces, če ne morem do konzole ali do task managerja???
aja pa reset odpade :)))
Symantec link pravi naslednje o trojancu.
Trojac nam je onemogoču dostop do task managerja, da bi se dal pogledat procese in sprostit RAM. Ker je en program na strežniku zanič, se občasno zacikla in zapolni RAM, mi pa bi ga radi sprostil. Kako ubijem proces, če ne morem do konzole ali do task managerja???
aja pa reset odpade :)))
"Figures don't lie, but liars figure."
Samuel Clemens aka Mark Twain
Samuel Clemens aka Mark Twain
Tear_DR0P ::
OK reset smo že naredl, kljub temu da ni bil v opciji. Zdej se pa mal zabavamo :)))
"Figures don't lie, but liars figure."
Samuel Clemens aka Mark Twain
Samuel Clemens aka Mark Twain
Tear_DR0P ::
Hvala za odgovor, tudi command prompta se ni dal zagnat, tko da mi ni nič nucal :))
"Figures don't lie, but liars figure."
Samuel Clemens aka Mark Twain
Samuel Clemens aka Mark Twain
Microsoft ::
Mogoce bi slo tako, da bi na drugem PCju pognal taskkill v command prompt:
TASKKILL [/S system [/U username [/P [password]]]]
{ [/FI filter] [/PID processid | /IM imagename] } [/F] [/T]
Description:
This command line tool can be used to end one or more processes.
Processes can be killed by the process id or image name.
Parameter List:
/S system Specifies the remote system to connect to.
/U [domain\]user Specifies the user context under which
the command should execute.
/P [password] Specifies the password for the given
user context. Prompts for input if omitted.
/F Specifies to forcefully terminate
process(es).
/FI filter Displays a set of tasks that match a
given criteria specified by the filter.
/PID process id Specifies the PID of the process that
has to be terminated.
/IM image name Specifies the image name of the process
that has to be terminated. Wildcard '*'
can be used to specify all image names.
/T Tree kill: terminates the specified process
and any child processes which were started by it.
/? Displays this help/usage.
Filters:
Filter Name Valid Operators Valid Value(s)
----------- --------------- --------------
STATUS eq, ne RUNNING | NOT RESPONDING
IMAGENAME eq, ne Image name
PID eq, ne, gt, lt, ge, le PID value
SESSION eq, ne, gt, lt, ge, le Session number.
CPUTIME eq, ne, gt, lt, ge, le CPU time in the format
of hh:mm:ss.
hh - hours,
mm - minutes, ss - seconds
MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB
USERNAME eq, ne User name in [domain\]user
format
MODULES eq, ne DLL name
SERVICES eq, ne Service name
WINDOWTITLE eq, ne Window title
NOTE: Wildcard '*' for the /IM switch is accepted only with filters.
NOTE: Termination of remote processes will always be done forcefully
irrespective of whether /F option is specified or not.
Examples:
TASKKILL /S system /F /IM notepad.exe /T
TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
TASKKILL /F /IM notepad.exe /IM mspaint.exe
TASKKILL /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*"
TASKKILL /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe
TASKKILL /S system /U domain\username /FI "USERNAME ne NT*" /IM *
TASKKILL /S system /U username /P password /FI "IMAGENAME eq note*"
Zdele sem poizkusil, pa cisto lepo dela. Uporabil sem taksen ukaz:
taskkill /S 192.168.123.2 /U Administrator /P password /IM cmd.exe
Edino, kar je se tu treba postorit, je to, da na PCju, kjer to pozenes, firewall nekaj zajamra, na target PCju, pa tud Windows Managemant Instruments nekaj zatezi ce imas firewall.
by Miha
TASKKILL [/S system [/U username [/P [password]]]]
{ [/FI filter] [/PID processid | /IM imagename] } [/F] [/T]
Description:
This command line tool can be used to end one or more processes.
Processes can be killed by the process id or image name.
Parameter List:
/S system Specifies the remote system to connect to.
/U [domain\]user Specifies the user context under which
the command should execute.
/P [password] Specifies the password for the given
user context. Prompts for input if omitted.
/F Specifies to forcefully terminate
process(es).
/FI filter Displays a set of tasks that match a
given criteria specified by the filter.
/PID process id Specifies the PID of the process that
has to be terminated.
/IM image name Specifies the image name of the process
that has to be terminated. Wildcard '*'
can be used to specify all image names.
/T Tree kill: terminates the specified process
and any child processes which were started by it.
/? Displays this help/usage.
Filters:
Filter Name Valid Operators Valid Value(s)
----------- --------------- --------------
STATUS eq, ne RUNNING | NOT RESPONDING
IMAGENAME eq, ne Image name
PID eq, ne, gt, lt, ge, le PID value
SESSION eq, ne, gt, lt, ge, le Session number.
CPUTIME eq, ne, gt, lt, ge, le CPU time in the format
of hh:mm:ss.
hh - hours,
mm - minutes, ss - seconds
MEMUSAGE eq, ne, gt, lt, ge, le Memory usage in KB
USERNAME eq, ne User name in [domain\]user
format
MODULES eq, ne DLL name
SERVICES eq, ne Service name
WINDOWTITLE eq, ne Window title
NOTE: Wildcard '*' for the /IM switch is accepted only with filters.
NOTE: Termination of remote processes will always be done forcefully
irrespective of whether /F option is specified or not.
Examples:
TASKKILL /S system /F /IM notepad.exe /T
TASKKILL /PID 1230 /PID 1241 /PID 1253 /T
TASKKILL /F /IM notepad.exe /IM mspaint.exe
TASKKILL /F /FI "PID ge 1000" /FI "WINDOWTITLE ne untitle*"
TASKKILL /F /FI "USERNAME eq NT AUTHORITY\SYSTEM" /IM notepad.exe
TASKKILL /S system /U domain\username /FI "USERNAME ne NT*" /IM *
TASKKILL /S system /U username /P password /FI "IMAGENAME eq note*"
Zdele sem poizkusil, pa cisto lepo dela. Uporabil sem taksen ukaz:
taskkill /S 192.168.123.2 /U Administrator /P password /IM cmd.exe
Edino, kar je se tu treba postorit, je to, da na PCju, kjer to pozenes, firewall nekaj zajamra, na target PCju, pa tud Windows Managemant Instruments nekaj zatezi ce imas firewall.
by Miha
s8eqaWrumatu*h-+r5wre3$ev_pheNeyut#VUbraS@e2$u5ESwE67&uhukuCh3pr
Zgodovina sprememb…
- spremenil: Microsoft ()
Tear_DR0P ::
Hvala. Usefull info za vnaprej. MSo to težavo zdej odpravl z resetom. Ampak drugič bomo pa tko probal :)))
"Figures don't lie, but liars figure."
Samuel Clemens aka Mark Twain
Samuel Clemens aka Mark Twain
Vredno ogleda ...
| Tema | Ogledi | Zadnje sporočilo | |
|---|---|---|---|
| Tema | Ogledi | Zadnje sporočilo | |
| » | PSEXEC problemOddelek: Operacijski sistemi | 608 (536) | Pesimist |
| » | Simple batch file za ubiti dolocene procese?Oddelek: Programiranje | 882 (825) | Pesimist |
| » | BAT file - Auto zaprtje DOS oknaOddelek: Pomoč in nasveti | 1931 (1796) | ender |
| » | XP Task ManagerOddelek: Operacijski sistemi | 1301 (1262) | #000000 |
| » | Remote windows reset from LInuxOddelek: Operacijski sistemi | 1217 (1093) | BigWhale |