Full Disclosure mailing list archives
RE: Looking for a tool
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Mon, 1 Mar 2004 17:36:44 -0600
-----Original Message-----
From: Nick Jacobsen [mailto:nick () ethicsdesign com]
Sent: Monday, March 01, 2004 5:31 PM
To: Schmehl, Paul L; full-disclosure () lists netsys com
Subject: RE: [Full-disclosure] Looking for a tool

Well, I usually use *sysinternals* Process Explorer, and have yet to see it fail to list a process... how do you know the process exists, if you can't list it?

Real simple. I have randomly named processes (like gk5odre.exe) popping up, and when I kill them, another one takes their place. *Something* has to be the parent that controls this.

I can delete an entire registry key and watch it be recreated in less than a second. I can delete a directory with three dlls in it and watch it be recreated right before my eyes. I can kill the randomly named process and watch it reappear using the same name or a completely different name. I can delete the executable after killing the process, and it will be recreated in no time.

So *something* has to be controlling it, yet when I look at the process tree, the randomly named process appears to be the parent.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/