RE: [WinMac] PWSTEAL Trojan horse.


Subject: RE: [WinMac] PWSTEAL Trojan horse.
From: Wilcox, Curtis (cwilcox[at]esm.rochester.edu)
Date: Thu Apr 11 2002 - 12:28:16 EDT


> -----Original Message-----
> From: Brian Durant [mailto:durant@cbn.net.id]
> Sent: Thursday, April 11, 2002 12:10 PM
> To: winmac@iffy.com
> Subject: Re: [WinMac] PWSTEAL Trojan horse.
>
>
> On Thursday 11 April 2002 22:36, Wilcox, Curtis wrote:
> > Here's more information.
> >
> > http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=W97M_GOGA.A&VSect=T
> >
> > This page explains what the "hacker tool" DIALPWD.exe does.
> > http://spywin.security-on.net/step.php
>
> Thanks Curtis,
>
> So if I understand this correctly, the trojan horse was in a Word macro/file
> and the purpose was to get passwords for dialup connections. I assume the
> purpose was to kidnap or zombie a/some servers or simply to get free Internet
> time. The question is how do I get rid of the .exe file and do I need to do

If the file is in quarantine, delete it from there. Otherwise, find the file
on the hard drive and delete it.

> any registry editing?

The tech details at the Trend web page imply the registry is not altered.
However, if the trojan successfully ran, it would be a good idea to change
all cached passwords (dial-up or others) used on that machine.

*** Windows-MacintoshOS Cooperation List ***