Status
Not open for further replies.
Doonz,
They are usually located in the \\PDC\netlogon share, which shares the c:\winnt\system32\repl\import\scripts directory.

Going back to your previous post: you've listed a file on there called tftp879.exe... Backdoornthack actually "phones home" to a host and downloads components, so I think that might be a part of it... Microsoft's explanation is that the virus downloads the file called Dl.exe, runs an install routine and installs a folder in a hidden folder in the C:\Winnt\System32\Os2\ folder... You can also look in your process list for processes listed in ALL CAPS. I would also recommend changing the admin pwd, because it's most likely they are stolen by now and ready to ship out...
I will keep up with this thread and keep an eye on new things for ya...
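Added example, not part of the original post: a small triage pass that applies the three checks mentioned above (ALL CAPS process names, the file names tftp879.exe and Dl.exe, anything running from under C:\Winnt\System32\Os2\) to a list of process image paths. The sample paths are constructed, and treating any `tftp<digits>.exe` as a match is an assumption generalised from the one name in the thread.

```python
import re
from ntpath import basename, normcase

# Indicators taken from the post. The tftp<digits>.exe pattern is an
# assumption generalised from the single name "tftp879.exe".
SUSPECT_NAMES = re.compile(r"^(dl|tftp\d+)\.exe$", re.IGNORECASE)
SUSPECT_DIR = normcase(r"C:\Winnt\System32\Os2") + "\\"

# Constructed sample input: image paths as a process listing might report them.
SAMPLE = [
    r"C:\WINNT\system32\services.exe",
    r"C:\WINNT\system32\EXAMPLE.EXE",
    r"C:\Winnt\System32\Os2\hidden\helper.exe",
    r"C:\WINNT\system32\tftp879.exe",
    r"C:\WINNT\Temp\Dl.exe",
]


def triage(processes):
    """Return {image_path: [reasons]} for every entry matching an indicator."""
    findings = {}
    for path in processes:
        name = basename(path)
        stem = name.rsplit(".", 1)[0]
        reasons = []
        # Check 1: process name (including extension) shown entirely in caps.
        if any(c.isalpha() for c in stem) and name == name.upper():
            reasons.append("all-caps process name")
        # Check 2: file names called out in the thread.
        if SUSPECT_NAMES.match(name):
            reasons.append("file name mentioned in the post")
        # Check 3: image located anywhere below System32\Os2 (case-insensitive).
        if normcase(path).startswith(SUSPECT_DIR):
            reasons.append("runs from under System32\\Os2")
        if reasons:
            findings[path] = reasons
    return findings


if __name__ == "__main__":
    for image, why in triage(SAMPLE).items():
        print(f"{image}: {', '.join(why)}")
```

Each hit is a lead to review by hand, not a verdict on the file.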