Penetration Testing mailing list archives
Re: [PEN-TEST] Suspect .EXE Trojan
From: Eric Fitzgerald <eric () AMNTV COM>
Date: Thu, 14 Dec 2000 11:32:47 -0800
Use an isolated machine, not attached to any network (pull out the NIC card and/or modem). Use tripwire to see any file modifications. If you know how to read binary files, get yourself a nice hex editor and diff any binary files to see the changes.

----- Original Message -----
From: "Ruso, Anthony" <aruso () POSITRON QC CA>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Thursday, December 14, 2000 10:58 AM
Subject: [PEN-TEST] Suspect .EXE Trojan

Hi,

I have a suspect executable that I think may be a Trojan. A search on the .exe doesn't return any result with any virus vendor. Are there any tools that would allow me to execute the file in isolation and actually see what's going on? The file was already executed on two workstations and it killed Outlook in both cases. I know I can use tripwire and similar products to see what files it makes changes to but I don't want to risk killing Outlook again.

Thanks
Anthony Ruso
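
The before/after comparison suggested in this message, as an added example that is not part of the original thread and is not Tripwire itself: it hashes a directory tree before and after a run on the isolated machine, reports what changed, and lists the byte ranges that differ between two copies of a binary. All file names and contents in `demo()` are constructed.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in Path(root).rglob("*") if p.is_file()}

def compare(before, after):
    """Report files added, removed or modified between two snapshots."""
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
    }

def changed_ranges(old, new):
    """Return [start, end) byte ranges where two versions of a binary differ."""
    ranges, start, common = [], None, min(len(old), len(new))
    for i in range(common):
        if old[i] != new[i]:
            start = i if start is None else start
        elif start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, common))
    if len(old) != len(new):  # bytes appended or truncated at the end
        ranges.append((common, max(len(old), len(new))))
    return ranges

def demo():
    """Constructed sample: baseline a directory, simulate changes, compare."""
    original = bytes(range(16))
    patched = original[:4] + b"\xff\xff" + original[6:] + b"\x90"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.bin").write_bytes(original)
        (root / "notes.txt").write_bytes(b"hello")
        before = snapshot(root)                      # baseline taken before the run
        (root / "app.bin").write_bytes(patched)      # simulated modification
        (root / "dropped.dll").write_bytes(b"MZ")    # simulated new file
        (root / "notes.txt").unlink()                # simulated deletion
        return compare(before, snapshot(root)), changed_ranges(original, patched)

if __name__ == "__main__":
    print(demo())
```

The byte-range comparison needs a copy of the original binary kept from before the run, since the snapshot stores only digests.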