Re: Files Associated With Client Component of TCP/IP Properties
- From: "Will" <westes-usc@xxxxxxxxxxxxxx>
- Date: Tue, 24 Oct 2006 20:04:16 -0700
"GreggMB" <GreggMB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D5A71317-8EB6-4936-B1A9-12EE7248C271@xxxxxxxxxxxxxxxx
All this does is affects the transport (or "infrastructure") the Trojanuses.
It has no affect on Trojan itself.
I think that depends on the implementation. One possible scenario is that
the Trojan loads itself as a kernel rootkit virus through one of those
files, then allows the normal functionality to proceed.
I admit it is a long shot to find this thing in any case. Once a rootkit
gets installed, it can hide activity in the kernel from you and make things
seem clean when they are not.
--
Will
"Will" wrote:(re)installed
Is there a place I can get a specific filelist of the files
wouldwhen you remove the Client component of TCP and then re-install it?
We have a trojan on a computer that was cleared by that action and I
like to start isolating the affected files to see if I can determine a
possible source of infection.
--
Will
.
- Follow-Ups:
- Re: Files Associated With Client Component of TCP/IP Properties
- From: Roger Abell [MVP]
- Re: Files Associated With Client Component of TCP/IP Properties
- References:
- Prev by Date: Re: how many CA's (cross posted...)
- Next by Date: Re: Files Associated With Client Component of TCP/IP Properties
- Previous by thread: Re: Files Associated With Client Component of TCP/IP Properties
- Next by thread: Re: Files Associated With Client Component of TCP/IP Properties
- Index(es):
