|
| Iniciado por guest, 27,oct. 2014 17:29 - 6 respuestas |
| |
| | | |
|
| |
| Publicado el 27,octubre 2014 - 17:29 |
Hi all,
I have one question:
I have a Windows Service running, developed in WD15.
If I look at the framework (all the DLL) with the explorer, tha date of last change shows todays date.
Is that a normal behavior?
Is a WD application changing something in the dll, or ist it possible that these dll are corrumped?
I am asking because my customer was hacked.
Best Regards
Stefan. |
| |
| |
| | | |
|
| | |
| |
| Publicado el 27,octubre 2014 - 18:15 |
Hi stefan
No, windev is NOT changing the DLLs dates
So how that could happen, I don't know, but I would certainly compare those to the original dlls (or replace them)
Best regards |
| |
| |
| | | |
|
| | |
| |
| Publicado el 27,octubre 2014 - 22:33 |
Hi Fabrice,
thank you very much.
The problem is, that this customer seems to be hacked. Something / someone is remote controlling two applications on there system.
Have a look at this video.
=> http://cargofox-software.de/Download/IMG_3848.MOV
This is an Foxpro application, using a WD Service for data transmission and some background jobs.
We are trying to figure out what is going on, we closed all ports on this machine, except RDP(3389).
So do you think it is possible, that a corrupted WD dll might be the reason?
Are there known cases, where WD dll have been corrupted?
=> See also this image: <a class="ExternalLink" rel="nofollow" target="_blank" href="http://cargofox-software.de/Download/oli_dll_dates.png">
<img src="http://cargofox-software.de/Download/oli_dll_dates.png" border="0" class="ExternalImage" onerror="OnImageLoadFailure(this);"/>
</a>
Thank you very much for hints and ideas.
Best Regards
Stefan. |
| |
| |
| | | |
|
| | |
| |
| Publicado el 28,octubre 2014 - 03:55 |
Stefan,
All of the dlls in my deployed app have the same date as yours and my computer is not hacked.
DW |
| |
| |
| | | |
|
| | |
| |
| Publicado el 28,octubre 2014 - 10:04 |
Hi,
Are there any hardware connected to the PC, like a scale?
- Reason I ask is that somtime if you got a RS232 device (like a scale) ore something other that feeds data to a comport windows tend to install SerialMouse driver, and tries to use input as mouse x/y coordinates and PC and App`s go bananas.
Cheers
Tor-Bjarne |
| |
| |
| | | |
|
| | |
| |
| Publicado el 28,octubre 2014 - 10:31 |
Hey Stefan,
I think that you have created an executable with included WD DLL's. Each time the executable is started, the WD DLL's are extracted (overwritten or deleted first). All the DLL's receive date and time of the moment when the program starts running.
Regards,
Xavier |
| |
| |
| | | |
|
| | |
| |
| Publicado el 28,octubre 2014 - 19:32 |
Hi all,
thank you for your response.
@Tor: There is nothing connected to the PC. It is a terminal server with thin clients.
@Xavier: Yes, you got it, that was the reason.
But, we still do not know, what is going on this machine. |
| |
| |
| | | |
|
| | | | |
| | |
|