Re: List of worm and trojan files
From: Barrie Dempster <barrie () reboot-robot net>
Date: Fri, 24 Dec 2004 09:37:14 +0000
On Thu, 2004-12-23 at 21:22 -0500, Carilda A Thomas wrote:
> Task manager is also
> destroyed, so there is no help there.
Try using filemon, regmon, pstools and tcpview from www.sysinternals.com.
As long as the attacker hasn't hijacked any system calls this should
provide enough information to at least recognise a rogue program.
Barrie Dempster (zeedo) - Fortiter et Strenue
[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
Full-Disclosure - We believe in it.