[foofus-tools] Uninstall pwdump6?

[Teh Fizzgig]

On 02/24/10 09:45, Chip Ehlers wrote:

> We have just completed an audit for one of our customers for whom we
> host their servers. Pwdump6 as part of the audit was installed which I
> perceive to be a security problem. How does it uninstall? Thanks!

Are you talking about the service, or the program itself? There is no
uninstall of the program itself - just delete it. If you are talking
about the service(s), that's trickier. In theory, it should clean up
after itself, but sometimes, for various reasons, it doesn't. If you
need to manually remove it, do the following:

- Locate a service that has an odd, random name, usually 6-8 characters.
That's prolly pwdump.

- Find out what path it is running from, jot that down.

- Stop the service, and delete it. I usually do this by binding to the
host using net use \\machine\ipc$ along with credentials, then running
"sc". In some cases, the service may be stopped, and just not deleted,
etc. That's fine - just get rid of whatever is left.

- Go to the directory where the service executable was running - delete
the randomly-named EXE and DLL file.

Hope that helps!

--f