Penetration Testing mailing list archives
Re: [PEN-TEST] Suspect .EXE Trojan
From: Rainer Duffner <duffner () FH-KONSTANZ DE>
Date: Thu, 14 Dec 2000 21:07:45 +0100
On Thu, 14 Dec 2000, Ruso, Anthony wrote:
Hi, I have a suspect executable that I think may be a Trojan. A search on the .exe doesn't return any result with any virus vendor. Are there any tools
VMWare.
It has a feature to write a "redo-log" for the filesystem.
Not your everyday el-cheapo solution, though.
Would filemon and regmon from www.sysinternals.com be useful?
Is there a way to intercept them?
I don't know.
cheers,
Rainer
--
========================================
Rainer Duffner , Konstanz, Germany
eMail: duffner () fh-konstanz de
rainer.duffner () surf24 de
http://www-stud.fh-konstanz.de/duffner/
========================================
