RE: Help, possible rootkit

["Alan Melia \(Melmac\)" <alanme () melmac co uk>]

First check to see what processes are running.  TaskList is built in but I
would recommend.
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

Get to know your machine and what processes are running normally.  With
25-30% CPU it should stick out like a sore thumb.  

Oh yeah don't run as admin (see http://blogs.msdn.com/aaron_margosis).

Alan
 

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of BillyBob
Sent: 23 October 2004 17:05
To: Full Disclosure
Subject: [Full-disclosure] Help, possible rootkit

I have noticed that my XP system is behaving like I have a rootkit.

- My mouse is jumpy (it freezes for a second when I move it around the
desktop) and the minimized Taskmanager in the systray shows I have around
25 - 30 % usage, but when I open it, there is no process listed using this
much.
- I did a netstat, fport, openports and none of these show that I have any
odd ports open or any connections established.
- even when I disconnect from the Internet these symptoms do not stop.  They
stop if I reboot, but then start again.

I have ran VICE, Klister, PatchFinder and RkDetect from rootkit.com and they
could not find anything.

Any more suggestions ?
Any more rootkit finding tools for Windows ?

Thanks
Bill

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html