Norwalk Virus

virus OWNER.EXE through AOL

Posted in the Norwalk Virus Forum

Comments

Showing posts 1 - 4 of 4
Binesh Balan

Bangalore, India

#1
Feb 4, 2007
 
OWNER VIRUS REMOVAL SOLUTION

IF YOU SEE THIS FILE ( OWNER.EXE IN YOUR TASK MANAGER ) THEN YOUR SYSTEM IS INFECTED



This is a DDoS attack which uses a stack-based buffer overflow in Symantec Antivirus and Client Security that allows remote attackers to execute arbitrary code via unknown attack vectors. The patch for this is not yet released.

You can see here the series of SYN attacks.

It uses 2 types of ports, port no 666 and 2967.

Port no: 666 uses Trojan Attack FTP (Trojan.Win32.FTP_Attack), which is level 8, that means Highly Dangerous Trojan.

Port no: 2967 is used by ssc-agent (Symantec System Center),

which will create a series of connections through port no 2967, and start sending SYN attacks to the targeted system (desired by the remote computer).



Owner.exe is just establishing the connection to the remote hacker through port no 666.
Deleting this file is a temporary solution.

It is easy to delete this file.

Just execute this command (before deleting this file, please read below):

cd c:\windows\system32
attrib.exe -h -r -s owner.exe

Now you can see that file in the system32 folder.

Just type this command to delete it: del owner.exe

There are two more entries in the c:\windows\prefetch folder.

Delete these entries:

Entries will be like this: Owner.exe-<HEX mem value>.pf [delete this first]

Due to this only Owner.exe is started again…

During Windows startup, it will read files in that folder (prefetch);
it makes use of the new Windows performance-increasing technology to restart the Trojan.



Delete the startup file in msconfig

And
In run type this

reg delete HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft

or run > regedit

Search owner.exe, delete all entries.

Once it established the connection through port no 666

It started sending the [ shares, computer name , services running all network info … etc]

YOU CAN SEE THIS IN THE PACKET DECODER



EMERGENCY SOLUTION FOR THIS IS BLOCK PORT NO 666 IN ROUTER OR FIREWALL

We can’t block port no 2967 since it has been used by Symantec Antivirus
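
The places post #1 names (the hidden file in system32, the Prefetch entries, the Run key, and connections on port 666) can be checked in one read-only pass before anything is deleted. The script below is an added example and is not part of the original post; the function name, the extra HKCU Run key, and treating 666 as the remote port are assumptions, and Get-NetTCPConnection needs Windows 8 / Server 2012 or later.

```powershell
# Read-only audit for the indicators named in post #1; nothing is deleted.
# Assumptions (not from the post): default paths under $env:SystemRoot, HKCU is
# checked in addition to HKLM, and port 666 is treated as the remote port.
function Get-OwnerExeIndicator {
    # 1. The hidden/system/read-only file in system32 (-Force reveals hidden items).
    $exe  = Join-Path $env:SystemRoot 'System32\owner.exe'
    $item = Get-Item -LiteralPath $exe -Force -ErrorAction SilentlyContinue
    if ($item) {
        [pscustomobject]@{ Type = 'File'; Detail = "$exe ($($item.Attributes))" }
    }

    # 2. Prefetch entries of the form OWNER.EXE-<hex>.pf.
    $prefetch = Join-Path $env:SystemRoot 'Prefetch'
    Get-ChildItem -Path $prefetch -Filter 'OWNER.EXE-*.pf' -Force -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Type = 'Prefetch'; Detail = $_.FullName } }

    # 3. Run-key values whose data mentions owner.exe.
    foreach ($path in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                      'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        $key = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $key) { continue }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($data -match 'owner\.exe') {
                [pscustomobject]@{ Type = 'RunKey'; Detail = "$path -> $name = $data" }
            }
        }
    }

    # 4. TCP connections to remote port 666, with the owning process name.
    Get-NetTCPConnection -RemotePort 666 -ErrorAction SilentlyContinue | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Type   = 'Connection'
            Detail = "$($_.LocalAddress):$($_.LocalPort) -> $($_.RemoteAddress):666 ($($proc.ProcessName))"
        }
    }
}

# Empty output means none of the four indicators were found.
Get-OwnerExeIndicator | Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell prompt, since the Prefetch folder is not readable by standard users.
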
kaushak

New Delhi, India

#2
Mar 7, 2007
 
this article is good
but not very good
john

Abu Dhabi, UAE

#3
Dec 28, 2007
 
very helpful, Thanks
aby

Dubai, UAE

#5
Apr 27, 2008
 
damn good ! keep it up