 From:  "Quark IT - Hilton Travis" <Hilton at quarkit dot com dot au>
 To:  "m0n0wall" <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] OT Strange Virus?
 Date:  Sat, 5 Aug 2006 08:17:21 +1000
Hi All,

Please be aware that the SysInternals "freeware" is only free to be
used on your OWN or **your** employer's PC.  You cannot use it for free
on anyone else's computers as a consultant, paid or not.  They are very
clear about this in their licensing and are already prosecuting
companies such as Best Buy (USA) for breaching their licensing

So, this, again, is Claytons Freeware - the freeware you have when you
don't have freeware.



Hilton Travis                          Phone: +61 (0)7 3344 3889
(Brisbane, Australia)                  Phone: +61 (0)419 792 394
Manager, Quark IT                      http://www.quarkit.com.au
         Quark AudioVisual             http://www.quarkav.net

http://www.threatcode.com/ <-- it's now time to shame poor coders 
into writing code that is acceptable for use on today's networks

War doesn't determine who is right.  War determines who is left.

This document and any attachments are for the intended recipient 
  only.  It may contain confidential, privileged or copyright 
     material which must not be disclosed or distributed.

                    Quark Group Pty. Ltd.
      T/A Quark Automation, Quark AudioVisual, Quark IT 

> -----Original Message-----
> From: Mark Schoonover [mailto:schoon at amgt dot com] 
> Sent: Thursday, 3 August 2006 02:04
> To: 'Kasper Pedersen'; m0n0wall
> Subject: RE: [m0n0wall] OT Strange Virus?
> Kasper Pedersen wrote:
> > ----- Original Message -----
> > From: "Lee Sharp" <leesharp at hal dash pc dot org>
> >> Aware, and Rootkit Revealer all show nothing.  Scanning under safe
> >> mode still shows nothing.  In desperation I scanned (With an older
> >> virus list) with UBCD 4 Win, and still nothing.  I have already lost
> >> money on this job, but I want to KNOW what is doing this...  Any
> >> thoughts?
> >
> > www.sysinternals.com has two tools named process explorer and filemon.
> > They can show what processes do what to which files. Copy in a bunch
> > of jpgs, observe which process deletes them, find the executable with
> > process explorer, then use PE to kill it. And remember to keep a copy
> > of it (the nastyware) for later analysis.
> >
> > Don't be too surprised if it's antivirus (sigh). Some of the less
> > intelligent ones sometimes are a little too 'smart'. Like deleting all
> > zipfiles with certain names, or deleting gifs with a certain size, or
> > 'protecting' the machine against a JPG decoder bug.
> >
> > /Kasper
> > (There's only one o in lose)
>
> Speaking of sysinternals, if you want their cool freeware, you better
> download it soon. They've been purchased by Microsoft, so who knows how
> long these nifty pieces of software will remain.
>
> Mark