New backdoor??

Discussion in 'malware problems & news' started by wanderz, Feb 19, 2006.

Thread Status:
Not open for further replies.
  1. wanderz

    wanderz Registered Member

    Joined:
    Feb 19, 2006
    Posts:
    1
    Greetings all. I have noticed several of my machines have become infected with something that Symantec AV says is backdoor.femo. The problem is that this backdoor is approx. 3 years old. Our environment is as such:

    1. all people run as Users
    2. all machines have latest virus defs

    The backdoor puts itself in the system32 folder.

    I have infected my computer to gain some insight. Here are the regmon and filemon outputs.

    A Google search of the rdsessmgr64 files shows zero hits.

    Any help would be greatly appreciated as I am completely stumped.

    The file uploaded is a zip file renamed to logs.log (rename to logs.zip).

    Regards,

    Gary
     


  2. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    Could be a false positive. Scan the file with the online Jotti file scanner.
     
  3. controler

    controler Guest

    Last edited by a moderator: Feb 21, 2006
  4. controler

    controler Guest

    If you are running the Windows 64 bit version, then maybe the files listed on the Symantec link I posted will be different names for the 64 bit version.
    I am sure you are running a 64 bit version of Norton also?

    controler
     
  5. IMM

    IMM Spyware Fighter

    Joined:
    May 6, 2004
    Posts:
    351