vir z windows v azboxu

PetrT30 · Příspěvek od **PetrT30** » 21 črc 2012, 20:17

Dokáže mi tohle někdo vysvětlit kde se vzal tento parchant v azboxu ve složce Configuration? Jedná se o červa Brontok. Info zde: http://www.microsoft.com/security/porta ... 2147570894

Výpis z Microsoft Security Essentials:

Kód: Vybrat vše

Položky: 
file:\\AZBOXHD\Configuration\cache\ldconfig\ldconfig.exe
file:\\AZBOXHD\Configuration\etc\avahi\avahi.exe
file:\\AZBOXHD\Configuration\etc\avahi\etc\etc.exe
file:\\AZBOXHD\Configuration\etc\avahi\services\services.exe
file:\\AZBOXHD\Configuration\etc\cron\cron.exe
file:\\AZBOXHD\Configuration\etc\cron\crontabs\crontabs.exe
file:\\AZBOXHD\Configuration\etc\cron\scripts\scripts.exe
file:\\AZBOXHD\Configuration\etc\dbus-1\dbus-1.exe
file:\\AZBOXHD\Configuration\etc\dbus-1\system.d\system.d`.exe
file:\\AZBOXHD\Configuration\etc\default\default.exe
file:\\AZBOXHD\Configuration\etc\dropbear\dropbear.exe
file:\\AZBOXHD\Configuration\etc\enigma2\enigma2.exe
file:\\AZBOXHD\Configuration\etc\etc.exe
file:\\AZBOXHD\Configuration\etc\init.d\init.d`.exe
file:\\AZBOXHD\Configuration\etc\ipkg\ipkg.exe
file:\\AZBOXHD\Configuration\etc\ipkg\opkg.exe
file:\\AZBOXHD\Configuration\etc\joe\charmaps\charmaps.exe
file:\\AZBOXHD\Configuration\etc\joe\joe.exe
file:\\AZBOXHD\Configuration\etc\joe\syntax\syntax.exe
file:\\AZBOXHD\Configuration\etc\modutils\modutils.exe
file:\\AZBOXHD\Configuration\etc\MultiQuickButton\MultiQuickButton.exe
file:\\AZBOXHD\Configuration\etc\network\if-down.d\if-down.d`.exe
file:\\AZBOXHD\Configuration\etc\network\if-post-down.d\if-post-down.d`.exe
file:\\AZBOXHD\Configuration\etc\network\if-pre-up.d\if-pre-up.d`.exe
file:\\AZBOXHD\Configuration\etc\network\if-up.d\if-up.d`.exe
file:\\AZBOXHD\Configuration\etc\network\network.exe
file:\\AZBOXHD\Configuration\etc\opkg\ipkg.exe
file:\\AZBOXHD\Configuration\etc\opkg\opkg.exe
file:\\AZBOXHD\Configuration\etc\ppp\ip-down.d\ip-down.d`.exe
file:\\AZBOXHD\Configuration\etc\ppp\ip-up.d\ip-up.d`.exe
file:\\AZBOXHD\Configuration\etc\ppp\ppp.exe
file:\\AZBOXHD\Configuration\etc\rc.d\init.d\init.d`.exe
file:\\AZBOXHD\Configuration\etc\rc0.d\rc0.d`.exe
file:\\AZBOXHD\Configuration\etc\rc1.d\rc1.d`.exe
file:\\AZBOXHD\Configuration\etc\rc2.d\rc2.d`.exe
file:\\AZBOXHD\Configuration\etc\rc3.d\rc3.d`.exe
file:\\AZBOXHD\Configuration\etc\rc4.d\rc4.d`.exe
file:\\AZBOXHD\Configuration\etc\rc5.d\rc5.d`.exe
file:\\AZBOXHD\Configuration\etc\rc6.d\rc6.d`.exe
file:\\AZBOXHD\Configuration\etc\rcS.d\rcS.d`.exe
file:\\AZBOXHD\Configuration\etc\samba\private\private.exe
file:\\AZBOXHD\Configuration\etc\samba\samba.exe
file:\\AZBOXHD\Configuration\etc\skel\skel.exe
file:\\AZBOXHD\Configuration\etc\terminfo\a\a.exe
file:\\AZBOXHD\Configuration\etc\terminfo\d\d.exe
file:\\AZBOXHD\Configuration\etc\terminfo\l\l.exe
file:\\AZBOXHD\Configuration\etc\terminfo\r\r.exe
file:\\AZBOXHD\Configuration\etc\terminfo\s\s.exe
file:\\AZBOXHD\Configuration\etc\terminfo\x\x.exe
file:\\AZBOXHD\Configuration\etc\tuxbox\config\config.exe
file:\\AZBOXHD\Configuration\etc\tuxtxt\tuxtxt.exe
file:\\AZBOXHD\Configuration\etc\udev\rules.d\rules.d`.exe
file:\\AZBOXHD\Configuration\etc\udev\scripts\scripts.exe
file:\\AZBOXHD\Configuration\etc\udev\udev.exe
file:\\AZBOXHD\Configuration\etc\udhcpc.d\udhcpc.d`.exe
file:\\AZBOXHD\Configuration\etc\Wireless\RT2870STA\RT2870STA.exe
file:\\AZBOXHD\Configuration\etc\wpa_supplicant\wpa_supplicant.exe
file:\\AZBOXHD\Configuration\lib\dbus\dbus.exe
file:\\AZBOXHD\Configuration\lock\lock.exe
file:\\AZBOXHD\Configuration\log\log.exe
file:\\AZBOXHD\Configuration\run\autofs\autofs.exe
file:\\AZBOXHD\Configuration\run\avahi-daemon\avahi-daemon.exe
file:\\AZBOXHD\Configuration\run\dbus\dbus.exe
file:\\AZBOXHD\Configuration\run\run.exe
file:\\AZBOXHD\Configuration\scce\scce.exe
file:\\AZBOXHD\Configuration\tmp\tmp.exe
file:\\AZBOXHD\Configuration\tuxbox\config\config.exe

Nasral se mi i na HDD na mém RT-N16. Nějak mi není jasný jak se tam dostal

a jak tomu zabránit aby se to nestalo znova.

Yano · Příspěvek od **Yano** » 21 črc 2012, 21:55

SAMBA a plny pristup na AZBox disk z cohokolvek na tvojej LAN.

vladkoj · Příspěvek od **vladkoj** » 21 črc 2012, 23:46

Kto sa ti tam pripojil (alebo ty) ma zavireny pocitac.

PetrT30 · Příspěvek od **PetrT30** » 22 črc 2012, 08:32

na mem pc ten vir neni! Jak zaheslovat sambu?

Yano · Příspěvek od **Yano** » 22 črc 2012, 14:22

Zacal by som tu-->> /etc/samba/smb.conf
google napovie viac

PetrT30 · Příspěvek od **PetrT30** » 22 črc 2012, 18:59

našel jsem v tmp log ze samby. Včera jsem červa odstranil a dnes tam byl znovu.
V logu jsem našel dvě IP které se na sambu připojovali. Moje a ještě jedna, ale adresy (kromě mého PC) mi přiděluje DHCP server tak to už teď nezjistím.

Díky za nákop s smb.conf.
Soubor smbpasswd v /etc/samba/private/ je pro heslo? Pokud ano jméno je root?

PetrT30 · Příspěvek od **PetrT30** » 22 črc 2012, 20:06

Červeně označená položka by měla stačit
[Configuration]
comment = Configuration files - take care!
path = /var
read only = yes
public = yes
guest ok = yes

Satdigitalne.cz

vir z windows v azboxu

vir z windows v azboxu

Re: vir z windows v azboxu

Re: vir z windows v azboxu

Re: vir z windows v azboxu

Re: vir z windows v azboxu

Re: vir z windows v azboxu

Re: vir z windows v azboxu