Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible Irc Backdoor


  • Please log in to reply
3 replies to this topic

#1 klynne66

klynne66

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 30 June 2007 - 07:37 PM

Am currently following the "Preparation Guide For Use Before Posting A Hijackthis Log" - infected files found - followed removal instructions and I'm thinking my registry has been infected because after restarts I get same problems occurring which led me to what I'm trying now....and have just real quick question-

Using Autorun and comparing items to the Startup List on this site - rdpclip.exe (RDP clip monitor) is not anywhere (that I could find) on Startup List - can someone tell me if this is something legit or should be removed?

Thanks in advance

BC AdBot (Login to Remove)

 


#2 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:09:08 PM

Posted 30 June 2007 - 07:49 PM

Here is what I found The process called rdpclip.exe is used when you Copy and Paste files between your Terminal Server and a Client desktop. If you use Terminal Servers, this process should be left running.

rdpclip.exe is flagged as a system process and does not appear to be a security risk. However, removing Remote Desktop CopyPaste may adversly impact your system. The file should be located here: C:\WINDOWS\SYSTEM32\ It should have this file version
5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) r click on the file, properties, version tab, select file version.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage

#3 klynne66

klynne66
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:08 PM

Posted 30 June 2007 - 08:19 PM

thank you so much oldf@rt :thumbsup: - you are exactly right
I've been at this for 3-4 days now and I'm thinking my brain needs a break lol

your help is very much appreciated! - (I see you're an AZ res...I was one for approx 13 yrs and miss it terribly)

thanks again

#4 oldf@rt

oldf@rt

  • Members
  • 2,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Avondale, Arizona USA
  • Local time:09:08 PM

Posted 30 June 2007 - 09:33 PM

Sorry you are not here. it is now 108 at 7:30 pm .
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users