Full Disclosure mailing list archives
Re: List of worm and trojan files
From: Barrie Dempster <barrie () reboot-robot net>
Date: Fri, 24 Dec 2004 09:37:14 +0000
On Thu, 2004-12-23 at 21:22 -0500, Carilda A Thomas wrote:
<snip>
> Task manager is also destroyed, so there is no help there.
<snip>

Try using filemon, regmon, pstools and tcpview from www.sysinternals.com. As long as the attacker hasn't hijacked any system calls this should provide enough information to at least recognise a rogue program.

With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
http://www.bsrf.org.uk
[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]