Full Disclosure mailing list archives

RE: [inbox] Re: Help, possible rootkit

From: "Exibar" <exibar () thelair com>
Date: Sat, 23 Oct 2004 16:45:30 -0400

Perhaps is a piece of spyware and not a rootkit afterall?  Spyware would be
a more common item to find on a computer system than a rootkit.  Run
Spoybot: search and destroy and Adaware on your machine.

  How up to date is your Antivirus as well?  Did you run a full antivirus
scan on your system to rule out a virus?

  Exibar

-----Original Message-----
From: Michael Rutledge [mailto:michael4447 () gmail com]
Sent: Saturday, October 23, 2004 1:11 PM
To: BillyBob
Cc: Full Disclosure
Subject: [inbox] Re: [Full-disclosure] Help, possible rootkit

What type of software do you use on a regular basis, and what software
have you installed recently?  Is this a new install of XP?  Also, have
you installed SP2?

Give us a little background about your system so that we can rule out
common software gliches.

-Michael

On Sat, 23 Oct 2004 13:05:29 -0300, BillyBob
<billybobknob () hotmail com> wrote:

I have noticed that my XP system is behaving like I have a rootkit.

- My mouse is jumpy (it freezes for a second when I move it around the
desktop) and the minimized Taskmanager in the systray shows I

have around

25 - 30 % usage, but when I open it, there is no process listed

using this

much.
- I did a netstat, fport, openports and none of these show that

I have any

odd ports open or any connections established.
- even when I disconnect from the Internet these symptoms do

not stop.  They

stop if I reboot, but then start again.

I have ran VICE, Klister, PatchFinder and RkDetect from

rootkit.com and they

could not find anything.

Any more suggestions ?
Any more rootkit finding tools for Windows ?

Thanks
Bill

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Help, possible rootkit BillyBob (Oct 23)
- Re: Help, possible rootkit Michael Rutledge (Oct 23)
  - RE: [inbox] Re: Help, possible rootkit Exibar (Oct 23)
- RE: Help, possible rootkit ISNYC (Oct 23)
- RE: Help, possible rootkit Alan Melia (Melmac) (Oct 23)
- Re: Help, possible rootkit Ali Campbell (Oct 24)
  - Re: Help, possible rootkit Harry de Grote (Oct 25)
- <Possible follow-ups>
- Re: Help, possible rootkit BillyBob (Oct 23)
  - Re: Help, possible rootkit Azerail (Oct 23)
  - Re: Help, possible rootkit MN Vasquez (Oct 23)
    - Re: Help, possible rootkit MN Vasquez (Oct 23)
    - Re: Help, possible rootkit Gregh (Oct 23)
  - RE: Help, possible rootkit Alan Melia (Melmac) (Oct 25)

(Thread continues...)