Re: Files Associated With Client Component of TCP/IP Properties

"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
"Roger Abell [MVP]" <mvpNoSpam@xxxxxxx> wrote in message
"Will" <westes-usc@xxxxxxxxxxxxxx> wrote in message
"GreggMB" <GreggMB@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
All this does is affects the transport (or "infrastructure") the
It has no affect on Trojan itself.

I think that depends on the implementation. One possible scenario is
the Trojan loads itself as a kernel rootkit virus through one of those
files, then allows the normal functionality to proceed.

I admit it is a long shot to find this thing in any case. Once a
gets installed, it can hide activity in the kernel from you and make
seem clean when they are not.

Yes, but I found it interesting your initial post seemed to say
you had successfully cleansed it of some (mis)behaviors.
A rootkit implant would more normally remove traces of its
injection (or sloppy, or intended detractor?_)

Apparently I did cleanse it, if I believe the firewall. But probably
are still traces of it on the file system possibly in a form that would
recreate the original condition. I was hoping to get a list of affected
files just to see if I could make any sense of possible sources from that

Sounds to me like you might regret not snap-shoting the reg first.

It seems an artifact in OSs today, including those with sub-100 million
lines of code, that things are largely left to be self-documenting.