Re: realtime TRIPWIRE like software required

From: Chris Kronberg (smil_at_agleia.de)
Date: 10/23/05


Date: 23 Oct 2005 07:58:55 GMT

On 2005-10-21, blackboab <blackboab@gmail.com> wrote:
> Hi
>
> I recently got a trojan which copied itself to my disk, updated the
> registry and then copied itself into memory.
>
> the anti virus software didn't blink,
>
> there was nothing in the event log,
>
> how come all of this can happen without windows informing me in any way?

  That's the way a good trojan is programmed.

> how come windows doesn't inform me if someone starts copying the files
> from my disk ?
>
> i want a realtime software (TRIPWIRE is not real time and must be run
> at set intervals ) which will inform me when a file is being copied
> to/from my system
> and do I agree to let it happen.

  Think twice: do you really want to get notified each time you
  surf the net and get sites in your browser cache? Don't know
  which version of Windows you run but the newer versions have
  something called prefetching. Commands you run are copied for
  faster access. You will be notified, too.
  Each time you write a document a temporary file is created.
  You will be notified.
  Although you would know very well what your system is trying
  to do, the flood of notices would drive me up the wall.

  I can understand that you are frustrated. But a better way may
  be to close down the possibilities for a trojan to enter your
  system.
  
  Cheers,

  Chris.


