mailing list archives
RE: Looking for a tool
From: Harlan Carvey <keydet89 () yahoo com>
Date: Thu, 4 Mar 2004 12:57:09 -0800 (PST)
ok i was not speculating, this proecess is a win32
service. these types of images cannot be stopped by
a admin from the process manager, they have to be
stopped from the serives mmc under the
admininstative tools in contol panel.
since this is exactly what the first post described
i said it was a service.
I'm subscribed to the list...and I never saw anything
from Paul to show that this is a service. Is there a
Registry key? Was there any enumeration via the SCM?
Based on Paul's initial description, you're
correct...but as I pointed out, there isn't enough
hard information. I've dealt with IR cases before
where the administrator swore that the malicious
process (an IRC bot) was "hidden" from the Task
Manager, when it was simply named something other than "maliciousIRCbot.exe".
Full-Disclosure - We believe in it.
RE: Looking for a tool Tiago Halm (Mar 02)
Re: Looking for a tool Lan Guy (Mar 02)
RE: Looking for a tool Tony (Mar 02)
RE: Looking for a tool Nicob (Mar 02)