
Hack warning

  • 11-06-1999 9:40pm
    #1
    Closed Accounts Posts: 124 ✭✭


    You all know about Back Orifice and various Trojan horses. Here is a new one (well, new to me, and I try to keep up).

    Recently my machine has started slowing down, and this is strange, since it's a 450 with a TNT. I checked what was running, and I saw explorer, systray, rnaapp and something else. When your machine is on the net, this is all you should have running (assuming you don't use any other ****e).
    I managed to get rid of this Trojan horse after a bit of ****ing around...took me a while, I didn't realise it was a hack tool. I didn't know what the **** it was. Just something that made my machine slow. So here you go.

    Sockets de Troie: - MSchv32.exe [also look for csmctrl32.exe, mgadeskdll.exe, rsrcload.exe]

    I saw these files on my PC. I don't know how they got there or who put them there. I have the latest McAfee v4 + datfiles etc etc.
    It's like Back Orifice, but luckily (to my knowledge) nobody used it to **** up my PC. It just slowed it down! I managed to kill it before I realised what it was.
    The "clever" bit is: you kill the process, and it's gone until you reboot (yes, I know it gets loaded in the registry.....this bit later). When you reboot it loads with a different name (rsrcload.exe,csctrl32.exe,mgadeskdll.exe).
    To get rid of it.....
    First, CTRL-ALT-DELETE, kill the ****er.
    Next, REGEDIT.
    Go to HKEY_LOCAL_MACHINE/SOFTWARE/MICROSOFT/WINDOWS/CURRENTVERSION/
    You should see some folders (or whatever they are called in the registry) called RUN, RUNONCE, RUNSERVICES, and RUNSERVICESONCE. Go through all of these (it only gets loaded in 2 of them I think) and remove any references to rsrcload.exe, csmctrl32.exe or mgadeskdll.exe.

    Some of you "l33t haX0r5" (did I spell that right?) might know all about this.... But what can I say... I read all the relevant web pages and I never heard nothing about this Sockets de Troie or whatever. All frog **** sounds the same to me. And Mr.Mindphuck himself told me mgadeskdll.exe was something to do with my graphics card...... Good thing I never listen to anyone. :)
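
The registry check described in the post above, as an added example that is not part of the original thread: it scans a text export of the registry (regedit's REGEDIT4 format) for autostart entries under the four keys the post names that point at any of the file names the post lists. The function names and the sample export are constructed for illustration, and the file names are spelled as they appear in the post.

```python
import re

# Parent of the autostart keys named in the post (lowercased for matching).
BASE = r"hkey_local_machine\software\microsoft\windows\currentversion"
AUTOSTART = {"run", "runonce", "runservices", "runservicesonce"}
# File names listed in the post, spelled as they appear there.
SUSPECTS = {"mschv32.exe", "csmctrl32.exe", "csctrl32.exe",
            "mgadeskdll.exe", "rsrcload.exe"}
# "name"="data" or @="data" string values as regedit writes them.
VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")="((?:[^"\\]|\\.)*)"$')

def referenced_files(command):
    """Lowercased base names of every path-like token in an autostart command."""
    return {t.rsplit("\\", 1)[-1].lower() for t in re.split(r'[\s"]+', command) if t}

def find_suspect_autostarts(reg_text, suspects=SUSPECTS):
    """Return (key, value name, command) for autostart entries naming a suspect file."""
    hits, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            parent, _, leaf = line[1:-1].lower().rpartition("\\")
            current = line[1:-1] if parent == BASE and leaf in AUTOSTART else None
            continue
        m = VALUE_RE.match(line) if current else None
        if not m:
            continue
        command = re.sub(r"\\(.)", r"\1", m.group(2))  # undo .reg escaping
        # Exact base-name match, so a file such as mgadesk.dll is not flagged.
        if referenced_files(command) & suspects:
            hits.append((current, m.group(1) or "(Default)", command))
    return hits

# Constructed sample export (not taken from the poster's machine).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Display"="C:\\WINDOWS\\SYSTEM\\mgadesk.dll"
"Load"="C:\\WINDOWS\\rsrcload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Desk"="\"C:\\WINDOWS\\SYSTEM\\MGADESKDLL.EXE\" /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo]
"UninstallString"="C:\\WINDOWS\\rsrcload.exe"
'''

if __name__ == "__main__":
    for key, name, command in find_suspect_autostarts(SAMPLE_EXPORT):
        print(f"{key}\n    {name} = {command}")
```

Only the four autostart keys are checked, so the same file name under an unrelated key (the constructed Uninstall entry) is not reported.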





Comments

  • Registered Users Posts: 3,529 ✭✭✭SickBoy


    Actually MP was kinda on the right track there, mgadesk.dll is a Matrox control panel yokie but mgadeskdll.exe certainly isn't :) Trust nobody!

    Jimmy...


  • Registered Users Posts: 21,264 ✭✭✭✭Hobbes


    Go to this site...

    http://www.commodon.com/threat/frame.htm

    It will tell you everything (well almost) to look out for.

    I also recommend getting a firewall, http://www.signal9.com is a pretty good one. It won't stop you getting infected, but it does warn if something tries to open up ports or connect to your machine.


