 From:  "Mas" <mas at masandwendy dot com>
 To:  "'Mark Schoonover'" <schoon at amgt dot com>, "'Kasper Pedersen'" <m0n0list dash kkp2 at kasperkp dot dk>, "'m0n0wall'" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] OT Strange Virus?
 Date:  Wed, 2 Aug 2006 23:46:11 -0700
<OT>

Tools won't be going offline any time soon - just read Mark's blog.

http://www.sysinternals.com/Blog/
... Probably of most importance, however, is the outcome of the various
meetings I've had with the Sysinternals/Winternals integration team. I'm
pleased to report that Microsoft's number one priority is not only keeping
the tools freely available, but preserving the Sysinternals community
including the newsletter, the forums, and my blog. While we're still
brainstorming how to make this successful in the long term, I'm pleased to
announce the first step in the transition, which is the introduction of a
new Sysinternals EULA, that I believe is even more permissive than the EULA
in place before the Microsoft acquisition, since it allows for wider use of
Sysinternals utilities within a company.
-----Original Message-----
From: Mark Schoonover [mailto:schoon at amgt dot com] 
Sent: Wednesday, August 02, 2006 9:04 AM
To: 'Kasper Pedersen'; m0n0wall
Subject: RE: [m0n0wall] OT Strange Virus?

Kasper Pedersen wrote:
> ----- Original Message -----
> From: "Lee Sharp" <leesharp at hal dash pc dot org>
>> Aware, and Rootkit Revealer all show nothing.  Scanning under safe 
>> mode still shows nothing.  In desperation I scanned (With an older 
>> virus list) with UBCD 4 Win, and still nothing.  I have already lost 
>> money on this job, but I want to KNOW what is doing this...  Any 
>> thoughts?
> 
> www.sysinternals.com has two tools named Process Explorer and Filemon.
> They can show what processes do what to which files. Copy in a bunch 
> of jpgs, observe which process deletes them, find the executable with 
> process explorer, then use PE to kill it. And remember to keep a copy 
> of it (the nastyware) for later analysis.
> 
> Don't be too surprised if it's antivirus (sigh). Some of the less 
> intelligent ones sometimes are a little too 'smart'. Like deleting all 
> zipfiles with certain names, or deleting gifs with a certain size, or 
> 'protecting' the machine against a JPG decoder bug.
> 
> /Kasper
> (There's only one o in lose)

Speaking of Sysinternals, if you want their cool freeware, you'd better
download it soon. They've been purchased by Microsoft, so who knows how long
these nifty pieces of software will remain.

Mark
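Kasper's Filemon recipe (plant bait JPGs, see which process deletes them) can also be done with the object-access auditing built into Windows; this is an added example, not code from the thread. It assumes an elevated PowerShell session and a hypothetical bait folder C:\Canary.

```powershell
# Added example: reproduce the "copy in jpgs, watch who deletes them" triage
# with Windows file-system auditing instead of Filemon.
# Assumes elevation and the hypothetical folder C:\Canary.
$Canary = 'C:\Canary'
New-Item -ItemType Directory -Path $Canary -Force | Out-Null

# 1. Enable success auditing for the "File System" subcategory (needed for event 4663).
auditpol.exe /set /subcategory:"File System" /success:enable | Out-Null

# 2. Put a SACL on the bait folder so every successful DELETE request on it is logged.
$acl  = Get-Acl -Path $Canary
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', 'Delete,DeleteSubdirectoriesAndFiles',
    'ContainerInherit,ObjectInherit', 'None', 'Success')
$acl.AddAuditRule($rule)
Set-Acl -Path $Canary -AclObject $acl

# 3. Plant constructed bait files: a JFIF/JPEG header followed by zero padding,
#    enough to look like the pictures the thread says keep disappearing.
$jfif = [byte[]]((0xFF, 0xD8, 0xFF, 0xE0) + (New-Object byte[] 1020))
1..10 | ForEach-Object {
    [IO.File]::WriteAllBytes((Join-Path $Canary "bait$_.jpg"), $jfif)
}
$start = Get-Date
Write-Host "Bait planted under $Canary; waiting 10 minutes for something to delete it..."
Start-Sleep -Seconds 600

# 4. Pull 4663 events since the bait was planted and keep only DELETE (0x10000)
#    requests on bait files. ProcessName is the executable Kasper wants found;
#    if it turns out to be your antivirus engine, that is his "sigh" case.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $start } -ErrorAction SilentlyContinue |
  ForEach-Object {
    $d = @{}
    ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
    [pscustomobject]@{
        Time    = $_.TimeCreated
        File    = $d.ObjectName
        Process = $d.ProcessName
        PID     = [int]$d.ProcessId
        Mask    = ($d.AccessMask -as [int])
    }
  } |
  Where-Object { ($_.File -like "$Canary\*") -and (($_.Mask -band 0x10000) -ne 0) } |
  Sort-Object Time | Format-Table -AutoSize
```

Keep the executable it names rather than deleting it, as Kasper says, so it can be analysed afterwards; remove the SACL and the auditpol setting when the investigation is over.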
