RE: Help, possible rootkit

["Benjamin Tomhave" <falcon () secureconsulting net>]

Try running standard antivirus and spyware detection software.  If you've
made any changes to your system lately (patches, etc.) try removing them.

---
Benjamin Tomhave, CISSP
falcon () secureconsulting net
http://falcon.secureconsulting.net/
 
"We must scrupulously guard the civil liberties of all
citizens, whatever their background. We must remember
that any oppression, any injustice, any hatred is a
wedge designed to attack our civilization."
-President Franklin Delano Roosevelt
 

> -----Original Message-----
> From: BillyBob [mailto:billybobknob () hotmail com] 
> Sent: Saturday, October 23, 2004 12:06 PM
> To: Incidents
> Subject: Help, possible rootkit
>
> I have noticed that my XP system is behaving like I have a rootkit.
>
> - My mouse is jumpy (it freezes for a second when I move it around the
> desktop) and the minimized Taskmanager in the systray shows I 
> have around
> 25 - 30 % usage, but when I open it, there is no process 
> listed using this much.
> - I did a netstat, fport, openports and none of these show 
> that I have any odd ports open or any connections established.
> - even when I disconnect from the Internet these symptoms do 
> not stop.  They stop if I reboot, but then start again.
>
> I have ran VICE, Klister, PatchFinder and RkDetect from 
> rootkit.com and they could not find anything.
>
> Any more suggestions ?
> Any more rootkit finding tools for Windows ?
>
> Thanks
> Bill