Security Incidents mailing list archives

New version of procdmp


From: H C <keydet89 () yahoo com>
Date: Mon, 3 Jun 2002 20:53:05 -0700 (PDT)

Last week, I posted regarding a script I'd put up on
my web site called procdmp.pl.

I've now posted the file as a standalone EXE, with a
GUI for selecting the files.

Go to http://patriot.net/~carvdawg/perl.html

Under the description of procdmp.pl, there is a link
to "pdg.zip"...this is the zipped archive containing
all the files you need.  Unzip these into the same
directory, and run pd.exe.  This assumes that you've
already run the tools (handle, pslist, listdlls,
fport, and 'netstat -an') and saved the output to
files.

In the GUI, first choose File->Save As... and give the
name of the file you want to save the output as...the
output will be an HTML file (see
http://patriot.net/~carvdawg/pd.html for an example).
Then, click each button, choosing the appropriate file
in turn (typing in the path works, too).  Click "Go"
once all files have been selected.

Once the process has completed, open the resulting
HTML file.

The example has a couple of surprises...such as a
"trojan" executable, as well as one launched from an
ADS...

Thoughts and comments are appreciated.  Flames are
piped to /dev/null.

Carv
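The correlation step the message describes (matching the PIDs in pslist output against the port owners that fport reports, and spotting an image launched from an alternate data stream), written out as an added Python example. This is not procdmp.pl or pd.exe and not the author's code. The sample pslist and fport text is constructed to approximate those tools' column layouts; the column regexes, the finding labels and the ADS_PATH heuristic are the example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample output shaped like Sysinternals pslist and Foundstone
# fport (not captured from a real host). Raw strings keep the backslashes.
PSLIST_SAMPLE = r"""
Process information for WORKSTATION:

Name                Pid Pri Thd  Hnd   Priv        CPU Time    Elapsed Time
Idle                  0   0   1    0      0     0:00:00.000     0:00:00.000
System                8   8  32  194      0     0:00:00.000     0:00:00.000
svchost             392   8  10  225   1300     0:00:00.040     0:12:41.000
notepad             812   8   1   41   1200     0:00:00.010     0:01:02.000
"""

FPORT_SAMPLE = r"""
FPort v2.0 - TCP/IP Process to Port Mapper

Pid   Process            Port  Proto Path
392   svchost        ->  135   TCP   C:\WINNT\system32\svchost.exe
8     System         ->  139   TCP
812   notepad        ->  4444  TCP   C:\temp\readme.txt:notepad.exe
1337  sysupd         ->  31337 TCP   C:\WINNT\sysupd.exe
"""

# Assumed column layouts (see lead-in): pslist rows start with the image name
# and PID; fport rows are "pid process -> port proto [path]".
PSLIST_HEADER = re.compile(r"^Name\s+Pid\b")
PSLIST_ROW = re.compile(r"^(?P<name>\S+)\s+(?P<pid>\d+)\s+\d+\s+\d+\s+\d+")
FPORT_ROW = re.compile(
    r"^(?P<pid>\d+)\s+(?P<proc>\S+)\s+->\s+(?P<port>\d+)\s+(?P<proto>TCP|UDP)\s*(?P<path>.*)$"
)
# Heuristic: a colon in the last path component (after the drive letter)
# means the image lives in an alternate data stream, e.g. file.txt:hidden.exe
ADS_PATH = re.compile(r"^[A-Za-z]:\\.*:[^\\]+$")


def parse_pslist(text):
    """Return {pid: image name} from pslist-style output."""
    procs = {}
    in_table = False
    for line in text.splitlines():
        if PSLIST_HEADER.match(line):
            in_table = True          # rows follow the column header
            continue
        if not in_table:
            continue
        m = PSLIST_ROW.match(line)
        if m:
            procs[int(m.group("pid"))] = m.group("name")
    return procs


def parse_fport(text):
    """Return a list of (pid, proc, port, proto, path) from fport-style output."""
    rows = []
    for line in text.splitlines():
        m = FPORT_ROW.match(line)
        if m:
            rows.append((int(m.group("pid")), m.group("proc"), int(m.group("port")),
                         m.group("proto"), m.group("path").strip()))
    return rows


def correlate(pslist_text, fport_text):
    """Join the two views by PID and record anything that does not line up."""
    procs = parse_pslist(pslist_text)
    by_pid = defaultdict(list)
    findings = []
    for pid, proc, port, proto, path in parse_fport(fport_text):
        by_pid[pid].append((proto, port))
        if pid not in procs:
            # A port owner the process list never showed is worth a second look.
            findings.append((pid, f"owns {proto}/{port} but is absent from pslist"))
        elif procs[pid].lower() != proc.lower():
            findings.append((pid, f"name mismatch: pslist={procs[pid]} fport={proc}"))
        if path and ADS_PATH.match(path):
            findings.append((pid, f"image loaded from an alternate data stream: {path}"))
    return {"processes": procs, "ports_by_pid": dict(by_pid), "findings": findings}


if __name__ == "__main__":
    report = correlate(PSLIST_SAMPLE, FPORT_SAMPLE)
    for pid, note in report["findings"]:
        print(f"PID {pid}: {note}")
```

Running it against the constructed samples reports PID 812 (image path inside an ADS) and PID 1337 (listens on a port but is missing from the process list); svchost and System line up in both tools and produce no finding. Real captures would be read from the saved output files instead of the embedded strings.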


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
