
Full Disclosure mailing list archives

Re: List of worm and trojan files
From: Barrie Dempster <barrie () reboot-robot net>
Date: Fri, 24 Dec 2004 09:37:14 +0000

On Thu, 2004-12-23 at 21:22 -0500, Carilda A Thomas wrote:
> Task manager is also destroyed, so there is no help there.

Try using filemon, regmon, pstools and tcpview from www.sysinternals.com. As long as the attacker
hasn't hijacked any system calls this should provide enough information
to at least recognise a rogue program.

With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue


[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
