[Full-Disclosure] List of worm and trojan files
barrie at reboot-robot.net
Fri Dec 24 09:37:14 GMT 2004
On Thu, 2004-12-23 at 21:22 -0500, Carilda A Thomas wrote:
> Task manager is also
> destroyed, so there is no help there.
Try using filemon, regmon, pstools and tcpview from www.sysinternals.com.
As long as the attacker hasn't hijacked any system calls, this should
provide enough information to at least recognise a rogue program.
Barrie Dempster (zeedo) - Fortiter et Strenue
[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
Full-Disclosure is hosted and sponsored by Secunia.