New backdoor??

Discussion in 'malware problems & news' started by wanderz, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. wanderz

    wanderz Registered Member

    Joined:
    Feb 19, 2006
    Posts:
    1
    Greetings all. I have noticed several of my machines have become infected with something that Symantec AV says is backdoor.femo. The problem is that this backdoor is approx. 3 years old. Our environment is as such:

    1. all people run as Users
    2. all machines have latest virus defs

    The backdoor puts itself in the system32 folder.

    I have infected my computer to gain some insight. Here are the regmon and filemon outputs.

    A Google search for the rdsessmgr64 files shows zero hits.

    Any help would be greatly appreciated as I am completely stumped.

    The file uploaded is a zip file renamed to logs.log (rename to logs.zip)

    Regards,

    Gary
     


  2. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    Could be a false positive. Scan the file with the online Jotti file scanner.
     
  3. controler

    controler Guest

    Last edited by a moderator: Feb 21, 2006
  4. controler

    controler Guest

    If you are running Windows 64 bit version, then maybe the files listed on the Symantec link I posted will have different names for the 64 bit version.
    I am sure you are running a 64 bit version of Norton also?

    controler
     
  5. IMM

    IMM Spyware Fighter

    Joined:
    May 6, 2004
    Posts:
    351