Kasper Pedersen wrote:
> ----- Original Message -----
> From: "Lee Sharp" <leesharp at hal dash pc dot org>
>> Aware, and Rootkit Revealer all show nothing. Scanning under safe
>> mode still shows nothing. In desperation I scanned (With an older
>> virus list) with UBCD 4 Win, and still nothing. I have already lost
>> money on this job, but I want to KNOW what is doing this... Any
>> thoughts?
>
> www.sysinternals.com has two tools named process explorer and filemon.
> They can show what processes do what to which files. Copy in a bunch
> of jpgs, observe which process deletes them, find the executable with
> process explorer, then use PE to kill it. And remember to keep a copy
> of it (the nastyware) for later analysis.
>
> Don't be too surprised if it's antivirus (sigh). Some of the less
> intelligent ones sometimes are a little too 'smart'. Like deleting all
> zipfiles with certain names, or deleting gifs with a certain size, or
> 'protecting' the machine against a JPG decoder bug.
>
> /Kasper
> (There's only one o in lose)

Speaking of sysinternals, if you want their cool freeware, you better download it soon. They have been purchased by Microsoft, so who knows how long these nifty pieces of software will remain.

Mark