Full Disclosure mailing list archives

Re: List of worm and trojan files


From: Barrie Dempster <barrie () reboot-robot net>
Date: Fri, 24 Dec 2004 09:37:14 +0000

On Thu, 2004-12-23 at 21:22 -0500, Carilda A Thomas wrote:
<snip>
Task manager is also destroyed, so there is no help there.
<snip>

Try using filemon, regmon, pstools and tcpview from www.sysinternals.com.
As long as the attacker hasn't hijacked any system calls, this should
provide enough information to at least recognise a rogue program.

With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]





_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
