Hi All,

Please be aware that the SysInternals "freeware" is only free to be used on your OWN or **your** employer's PC. You cannot use it for free on anyone else's computers as a consultant, paid or not. They are very clear about this in their licensing and are already prosecuting companies such as Best Buy (USA) for breaching their licensing conditions.

So, this, again, is Claytons Freeware - the freeware you have when you don't have freeware.

--
Regards,

Hilton Travis
Phone: +61 (0)7 3344 3889 (Brisbane, Australia)
Phone: +61 (0)419 792 394
Manager, Quark IT http://www.quarkit.com.au
Quark AudioVisual http://www.quarkav.net

http://www.threatcode.com/ <-- it's now time to shame poor coders into writing code that is acceptable for use on today's networks

War doesn't determine who is right. War determines who is left.

This document and any attachments are for the intended recipient only. It may contain confidential, privileged or copyright material which must not be disclosed or distributed.

Quark Group Pty. Ltd. T/A Quark Automation, Quark AudioVisual, Quark IT

> -----Original Message-----
> From: Mark Schoonover [mailto:schoon at amgt dot com]
> Sent: Thursday, 3 August 2006 02:04
> To: 'Kasper Pedersen'; m0n0wall
> Subject: RE: [m0n0wall] OT Strange Virus?
>
> Kasper Pedersen wrote:
> > ----- Original Message -----
> > From: "Lee Sharp" <leesharp at hal dash pc dot org>
> >> Aware, and Rootkit Revealer all show nothing. Scanning under safe
> >> mode still shows nothing. In desperation I scanned (With an older
> >> virus list) with UBCD 4 Win, and still nothing. I have already lost
> >> money on this job, but I want to KNOW what is doing this... Any
> >> thoughts?
> >
> > www.sysinternals.com has two tools named process explorer and filemon.
> > They can show what processes do what to which files. Copy in a bunch
> > of jpgs, observe which process deletes them, find the executable with
> > process explorer, then use PE to kill it. And remember to keep a copy
> > of it (the nastyware) for later analysis.
> >
> > Don't be too surprised if it's antivirus (sigh). Some of the less
> > intelligent ones sometimes are a little too 'smart'. Like deleting all
> > zipfiles with certain names, or deleting gifs with a certain size, or
> > 'protecting' the machine against a JPG decoder bug.
> >
> > /Kasper
> > (There's only one o in lose)
>
> Speaking of sysinternals, if you want their cool freeware, you better
> download it soon. They've been purchased by Microsoft, so who knows how long
> these nifty pieces of software will remain.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch