Hack warning

  • 11-06-1999 09:40PM
    #1
    Closed Accounts Posts: 124 ✭✭


    You all know about back orifice and various Trojan Horses. Here is a new one (well new to me, and I try to keep up).

    Recently my machine has started slowing down, and this is strange, since it's a 450 with a TNT. I checked what was running, and I saw explorer, systray, rnaapp and something else. When your machine is on the net, this is all you should have running (assuming you don't use any other ****e).
    I managed to get rid of this Trojan horse after a bit of ****ing around...took me a while, I didn't realise it was a hack tool. I didn't know what the **** it was. Just something that made my machine slow. So here you go.

    Sockets de Troie: - MSchv32.exe [also look for csmctrl32.exe, mgadeskdll.exe, rsrcload.exe]

    I saw these files on my PC. I don't know how they got there or who put them there. I have the latest McAfee v4 + datfiles etc etc.
    It's like Back Orifice, but luckily (to my knowledge) nobody used it to **** up my pc. It just slowed it down! I managed to kill it before I realised what it was.
    The "clever" bit is: you kill the process, and it's gone until you reboot (yes, I know it gets loaded in the registry... this bit later). When you reboot it loads with a different name (rsrcload.exe, csmctrl32.exe, mgadeskdll.exe).
    To get rid of it.....
    First, CTRL-ALT-DELETE, kill the ****er.
    Next, REGEDIT.
    Go to HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\
    You should see some folders (or whatever they are called in the registry) called RUN, RUNONCE, RUNSERVICES, and RUNSERVICESONCE. Go through all of these (it only gets loaded in 2 of them I think) and remove any references to rsrcload.exe, csmctrl32.exe or mgadeskdll.exe.

    Some of you "l33t haX0r5" (did I spell that right?) might know all about this.... But what can I say... I read all the relevant web pages and I never heard nothing about this Sockets de Troie or whatever. All frog **** sounds the same to me. And Mr.Mindphuck himself told me mgadeskdll.exe was something to do with my graphics card...... Good thing I never listen to anyone. :)
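
The registry check described in the post above, as an added example that is not part of the original thread: it scans a registry export for entries under the four autostart keys that reference the listed file names. It assumes a text export in REGEDIT4 format; the function name and the sample export are constructed for illustration.

```python
import re
from ntpath import basename

# File names listed in the post above (compared case-insensitively).
SUSPECT_NAMES = {"mschv32.exe", "csmctrl32.exe", "mgadeskdll.exe", "rsrcload.exe"}
# The four autostart keys the post says to check.
RUN_KEYS = {"run", "runonce", "runservices", "runservicesonce"}
BASE = r"hkey_local_machine\software\microsoft\windows\currentversion" + "\\"

# Constructed sample of a REGEDIT4 export (not taken from a real machine).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Matrox"="rundll32.exe mgadesk.dll,Init"
"Load Rsrc"="C:\\WINDOWS\\SYSTEM\\rsrcload.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Mgadesk"="C:\\WINDOWS\\MGADESKDLL.EXE /s"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer]
"Ignored"="C:\\WINDOWS\\rsrcload.exe"
'''

def find_suspect_autoruns(export_text):
    """Return (key, value name, command) for Run-key entries naming a listed file."""
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            low = path.lower()
            in_scope = low.startswith(BASE) and low[len(BASE):] in RUN_KEYS
            key = path.rsplit("\\", 1)[-1] if in_scope else None
            continue
        m = re.match(r'"(.*?)"="(.*)"$', line)
        if key is None or not m:
            continue
        name, command = m.group(1), m.group(2).replace("\\\\", "\\")
        # Match whole file names only, so mgadesk.dll is not confused with mgadeskdll.exe.
        tokens = {basename(t).lower() for t in re.split(r'[\s",]+', command) if t}
        if tokens & SUSPECT_NAMES:
            hits.append((key, name, command))
    return hits

if __name__ == "__main__":
    for key, name, command in find_suspect_autoruns(SAMPLE_EXPORT):
        print(f"{key}: {name} -> {command}")
```

Entries outside the four autostart keys are ignored, and paths containing spaces would need a stricter command-line split than the whitespace tokenizer used here.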





Comments

  • Registered Users, Registered Users 2, Paid Member Posts: 3,575 ✭✭✭SickBoy


    Actually MP was kinda on the right track there, mgadesk.dll is a Matrox control panel yokie but mgadeskdll.exe certainly isn't :) Trust nobody!

    Jimmy...


  • Registered Users, Registered Users 2 Posts: 21,264 ✭✭✭✭Hobbes


    Go to this site...

    http://www.commodon.com/threat/frame.htm

    It will tell you everything (well almost) to look out for.

    I also recommend getting a firewall, http://www.signal9.com is a pretty good one. It won't stop you getting infected, but it does warn if something tries to open up ports or connect to your machine.


