lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
From: keydet89 at (Harlan Carvey)
Subject: Looking for a tool

> ok i was not speculating, this proecess is a win32
> service. these types of images cannot be stopped by
> a admin from the process manager, they have to be
> stopped from the serives mmc under the
> admininstative tools in contol panel. 
> since this is exactly what the first post described
> i said it was a service.

I'm subscribed to the list...and I never saw anything
from Paul to show that this is a service.  Is there a
Registry key?  Was there any enumeration via the SCM? 
Based on Paul's initial description, you're
correct...but as I pointed out, there isn't enough
hard information.  I've dealt with IR cases before
where the administrator swore that the malicious
process (an IRC bot) was "hidden" from the Task
Manager, when it was simply named something other than "maliciousIRCbot.exe".

Powered by blists - more mailing lists