Full Disclosure mailing list archives
RE: Looking for a tool
From: Harlan Carvey <keydet89 () yahoo com>
Date: Thu, 4 Mar 2004 12:57:09 -0800 (PST)
> ok I was not speculating, this process is a win32 service. These types of images cannot be stopped by an admin from the process manager, they have to be stopped from the services MMC under the administrative tools in control panel. Since this is exactly what the first post described I said it was a service.
I'm subscribed to the list...and I never saw anything from Paul to show that this is a service. Is there a Registry key? Was there any enumeration via the SCM? Based on Paul's initial description, you're correct...but as I pointed out, there isn't enough hard information. I've dealt with IR cases before where the administrator swore that the malicious process (an IRC bot) was "hidden" from the Task Manager, when it was simply named something other than "maliciousIRCbot.exe".

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
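
One way to gather the evidence the message above asks for (SCM enumeration and a Registry key) before calling a process a service. This is an added example, not part of the original message; it uses current PowerShell cmdlets, and `suspect.exe` is a placeholder image name.

```powershell
# Added example: check whether a running image is registered and hosted as a service.
# 'suspect.exe' is a placeholder; pass the image name under investigation.
param([string]$ProcessName = 'suspect.exe')

# 1. Running processes with that image name.
$procs = Get-CimInstance Win32_Process -Filter "Name = '$ProcessName'"

# 2. Services as the SCM reports them. A running service carries the PID of
#    the process hosting it; stopped services report ProcessId 0.
$services = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 }

# 3. Service entries in the Registry whose ImagePath mentions the image name.
$regHits = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
    Where-Object {
        $img = (Get-ItemProperty -Path $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        $img -and $img -like "*$ProcessName*"
    }

if (-not $procs) {
    Write-Output "No running process named $ProcessName."
}

foreach ($p in $procs) {
    # Services whose hosting PID matches this process.
    $owning = $services | Where-Object { $_.ProcessId -eq $p.ProcessId }
    [pscustomobject]@{
        PID            = $p.ProcessId
        ParentPID      = $p.ParentProcessId
        ExecutablePath = $p.ExecutablePath
        ScmServices    = ($owning.Name -join ',')
        RegistryKeys   = ($regHits.PSChildName -join ',')
        IsService      = [bool]$owning
    }
}
```

A process with no SCM match and no matching Services key is an ordinary process, whatever its name suggests; the parent PID and full executable path help explain how it was started.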