RE: Help, possible rootkit

["ISNYC" <admin () infosecnyc com>]

I wouldnt run detection tools from the OS, use a BootCD.

Pref: FIRE or Knoppix/Knoppix-STD

FIRE by DMZ Services Inc.
http://fire.dmzs.com/ 

Knoppix STD 0.1
http://www.knoppix-std.org/ 

KNOPPIX Bootable Linux CD
http://www.knopper.net/knoppix/index-en.html 


Good Luck,
Dominick S.





-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of BillyBob
Sent: Saturday, October 23, 2004 12:05 PM
To: Full Disclosure
Subject: [Full-disclosure] Help, possible rootkit


I have noticed that my XP system is behaving like I have a rootkit.

- My mouse is jumpy (it freezes for a second when I move it around the
desktop) and the minimized Taskmanager in the systray shows I have around 25
- 30 % usage, but when I open it, there is no process listed using this
much.
- I did a netstat, fport, openports and none of these show that I have any
odd ports open or any connections established.
- even when I disconnect from the Internet these symptoms do not stop.  They
stop if I reboot, but then start again.

I have ran VICE, Klister, PatchFinder and RkDetect from rootkit.com and they
could not find anything.

Any more suggestions ?
Any more rootkit finding tools for Windows ?

Thanks
Bill

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html