We support Microsoft .NET Framework 2.0 & 1.1, all versions of Access, SQL 2000, SQL 7.0, SQL 2005 Express, SOAP, FrontPage 2002, 2003, Visual Studio 2005, Index Server, XML, UDDI, & Mobile device support. We also offer great third party tools like SmarterMail, Merak Mail, SmarterStats, PHP, Perl, MySql, DeepMetrix Livestats XSP 8.0.   We support Microsoft .NET Framework 2.0 & 1.1, all versions of Access, SQL 2000, SQL 7.0, SQL 2005 Express, SOAP, FrontPage 2002, 2003, Visual Studio 2005, Index Server, XML, UDDI, & Mobile device support. We also offer great third party tools like SmarterMail, Merak Mail, SmarterStats, PHP, Perl, MySql, DeepMetrix Livestats XSP 8.0.
 Sunday, January 22, 2006
DFind.exe

Today a most interesting exploit came to my attention with the unknown service DFind exe in task manager. I admit it did hide pretty well from me for awhile at anyrate. Hidding this inside the hidden folder system volume information was a interesting little twist. After killing the service and deleting it was pretty easy to remove however.

Threats
1/22/2006 5:41:46 PM (Pacific Standard Time, UTC-08:00)  #    Disclaimer  |  Comments [2]  | 
Related Posts:
UPS phishing again
Obama sex video
Attack Breaks DNS Patches!
Kaminsky provides the why
DNS vulnerability
MPack: the Strange Case of the Mass-Hacking Tool
12/5/2007 3:20:16 PM (Pacific Standard Time, UTC-08:00)
I have a server that keeps getting infected with Dfind.exe. I remove it, but some how a hacker is able to re-upload it into the sysvol folder.

Any ideas how the hacker is getting in?

Thanks
Dan
Dan Journo |danjournoAT NOSPAMgmail dot com
1/2/2008 4:55:10 AM (Pacific Standard Time, UTC-08:00)
DFind is not a virus dudes, you can get it on my homepage http://heapoverflow.com, this is a small command line scanner, you have been probably hacked by a malicious door then the hacker used to use your computer to anonymously scan the web under your identity. Anyway this is not a service nor a virus, if its running on your box then a human started it :)
Arnaud D. |webmasterAT NOSPAMheapoverflow dot com
Name
E-mail
Home page

Comment (HTML not allowed)  

Enter the code shown (prevents robots):