Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: List of worm and trojan files
From: Barrie Dempster <barrie () reboot-robot net>
Date: Fri, 24 Dec 2004 09:37:14 +0000

On Thu, 2004-12-23 at 21:22 -0500, Carilda A Thomas wrote:
<snip>
Task manager is also 
destroyed, so there is no help there.  
<snip>

Try using filemon, regmon, pstools and tcpview from www.sysinternals.com. As long as the attacker
hasn't hijacked any system calls this should provide enough information
to at least recognise a rogue program.

With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue

  http://www.bsrf.org.uk

[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]




Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]