RE: Help, possible rootkit

From: Benjamin Tomhave (falcon_at_secureconsulting.net)
Date: 10/25/04

Next message: Leif Ericksen: "RE: Help, possible rootkit"

Previous message: Marcus Merrin: "Re: Help, possible rootkit"
In reply to: BillyBob: "Help, possible rootkit"
Next in thread: Leif Ericksen: "RE: Help, possible rootkit"
Reply: Leif Ericksen: "RE: Help, possible rootkit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'BillyBob'" <billybobknob@hotmail.com>
Date: Sun, 24 Oct 2004 18:50:11 -0400

Try running standard antivirus and spyware detection software. If you've
made any changes to your system lately (patches, etc.) try removing them.

---
Benjamin Tomhave, CISSP
falcon@secureconsulting.net
http://falcon.secureconsulting.net/
 
"We must scrupulously guard the civil liberties of all
citizens, whatever their background. We must remember
that any oppression, any injustice, any hatred is a
wedge designed to attack our civilization."
-President Franklin Delano Roosevelt
 
> -----Original Message-----
> From: BillyBob [mailto:billybobknob@hotmail.com] 
> Sent: Saturday, October 23, 2004 12:06 PM
> To: Incidents
> Subject: Help, possible rootkit
> 
> I have noticed that my XP system is behaving like I have a rootkit.
> 
> - My mouse is jumpy (it freezes for a second when I move it around the
> desktop) and the minimized Taskmanager in the systray shows I 
> have around
> 25 - 30 % usage, but when I open it, there is no process 
> listed using this much.
> - I did a netstat, fport, openports and none of these show 
> that I have any odd ports open or any connections established.
> - even when I disconnect from the Internet these symptoms do 
> not stop.  They stop if I reboot, but then start again.
> 
> I have ran VICE, Klister, PatchFinder and RkDetect from 
> rootkit.com and they could not find anything.
> 
> Any more suggestions ?
> Any more rootkit finding tools for Windows ?
> 
> Thanks
> Bill
> 
> 
>

Next message: Leif Ericksen: "RE: Help, possible rootkit"

Previous message: Marcus Merrin: "Re: Help, possible rootkit"
In reply to: BillyBob: "Help, possible rootkit"
Next in thread: Leif Ericksen: "RE: Help, possible rootkit"
Reply: Leif Ericksen: "RE: Help, possible rootkit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Removal of Rootkit TDss
... assumed it was your regular group of malware and such but after removing ... Win32.Trojan.TDss process and its companion file in rootkit form. ... loss as how to proceed in removing this bug. ... remove partition, add partition, reformat) and reinstall the operating ...
(comp.security.firewalls)
Re: Baloney! No Sony! Pass it on.
... because they found the rootkit during the process of ... attempting to terminate the license (removing the software). ... Yes, because no rootkits have *ever* been written for Linux, and there ...
(sci.electronics.design)