RE: [Full-Disclosure] Help, possible rootkit

From: Alan Melia (Melmac) (alanme_at_melmac.co.uk)
Date: 10/23/04

    To: "'BillyBob'" <billybobknob@hotmail.com>, "'Full Disclosure'" <full-disclosure@lists.netsys.com>
    Date: Sat, 23 Oct 2004 20:47:15 +0100
    
    

    First check to see what processes are running. TaskList is built in, but I
    would recommend:
    http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

    Get to know your machine and what processes are running normally. With
    25-30% CPU it should stick out like a sore thumb.

    Oh yeah, don't run as admin (see http://blogs.msdn.com/aaron_margosis).

    Alan
     

    -----Original Message-----
    From: full-disclosure-admin@lists.netsys.com
    [mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of BillyBob
    Sent: 23 October 2004 17:05
    To: Full Disclosure
    Subject: [Full-Disclosure] Help, possible rootkit

    I have noticed that my XP system is behaving like I have a rootkit.

    - My mouse is jumpy (it freezes for a second when I move it around the
    desktop) and the minimized Taskmanager in the systray shows I have around
    25 - 30 % usage, but when I open it, there is no process listed using this
    much.
    - I did a netstat, fport, openports and none of these show that I have any
    odd ports open or any connections established.
    - Even when I disconnect from the Internet these symptoms do not stop. They
    stop if I reboot, but then start again.

    I have run VICE, Klister, PatchFinder and RkDetect from rootkit.com and they
    could not find anything.

    Any more suggestions ?
    Any more rootkit finding tools for Windows ?

    Thanks
    Bill

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

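Alan's advice above is to learn what normally runs on the machine so that an extra process, or CPU that no listed process accounts for, stands out. The script below is an added example, not code from this thread or from Sysinternals: it saves a baseline of running processes (name, image path, SHA-256 of the image), diffs a later snapshot against it, and compares the machine-wide CPU figure (derived from idle-thread accounting) with the CPU attributed to the processes that are actually enumerable. The second check targets the symptom BillyBob describes, where Task Manager's total shows 25-30% but no listed process carries it. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows; the baseline path and the function names are assumptions for this example.

```powershell
# Added example (not from the original thread). Assumes Windows PowerShell 5.1
# or PowerShell 7 on Windows. $BaselinePath is an assumption for this example.
$BaselinePath = "$env:USERPROFILE\process-baseline.csv"

function Get-ProcessSnapshot {
    # Record name, image path and SHA-256 of the image so that a replaced or
    # relocated binary with a familiar name still shows up in the diff.
    Get-Process | ForEach-Object {
        $path = ''
        try { $path = [string]$_.Path } catch { }   # protected processes: ''
        $hash = if ($path -and (Test-Path -LiteralPath $path)) {
            (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        } else { '' }
        [pscustomobject]@{ Name = $_.ProcessName; Path = $path; Hash = $hash }
    } | Sort-Object Name, Path, Hash -Unique
}

function Save-ProcessBaseline {
    # Take this on a machine you trust (fresh install or verified clean boot)
    # and keep the file somewhere the everyday user account cannot modify.
    Get-ProcessSnapshot | Export-Csv -Path $BaselinePath -NoTypeInformation
}

function Compare-ProcessBaseline {
    # Lists processes present now that were not in the baseline, matched on
    # Name+Path+Hash rather than name alone.
    $baseline = Import-Csv -Path $BaselinePath
    $current  = Get-ProcessSnapshot
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current `
        -Property Name, Path, Hash |
        Where-Object SideIndicator -eq '=>' |
        Select-Object Name, Path, Hash
}

function Get-UnattributedCpu {
    # \Processor(_Total) is computed from idle-thread time and stays honest
    # even if a process is unlinked from the list the per-process counters
    # enumerate, so TotalPct - VisiblePct is CPU no visible process explains.
    $samples = Get-Counter -Counter @(
        '\Processor(_Total)\% Processor Time',
        '\Process(*)\% Processor Time'
    ) -SampleInterval 2 -MaxSamples 3
    $logical = (Get-CimInstance Win32_ComputerSystem).NumberOfLogicalProcessors
    foreach ($s in $samples) {
        $total = ($s.CounterSamples |
            Where-Object Path -like '*processor(_total)*').CookedValue
        # Per-process % is scaled so 100 = one core; normalise by core count
        # and drop the _Total and Idle pseudo-instances.
        $visible = ($s.CounterSamples |
            Where-Object { $_.Path -like '*\process(*' -and
                           $_.InstanceName -notin @('_total', 'idle') } |
            Measure-Object CookedValue -Sum).Sum / $logical
        [pscustomobject]@{
            Timestamp      = $s.Timestamp
            TotalPct       = [math]::Round($total, 1)
            VisiblePct     = [math]::Round($visible, 1)
            UnaccountedPct = [math]::Round($total - $visible, 1)
        }
    }
}

# Usage:
#   Save-ProcessBaseline       # once, on a known-good machine
#   Compare-ProcessBaseline    # later: processes not in the baseline
#   Get-UnattributedCpu        # sustained UnaccountedPct well above a few
#                              # percent, with nothing in Process Explorer
#                              # to match it, is worth chasing further
```

Two caveats a practitioner should keep in mind. Small, transient gaps between the two CPU figures are normal (sampling skew, processes that exit between reads), so only a sustained gap matters. And both checks run through user-mode APIs: a rootkit that hooks process enumeration in the kernel can lie to Get-Process and to the Process counters alike, so a negative result here does not clear the box; it only tells you whether the visible process list explains the load.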

