[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20040304205710.49103.qmail@web41607.mail.yahoo.com>
From: keydet89 at yahoo.com (Harlan Carvey)
Subject: Looking for a tool
> ok i was not speculating, this proecess is a win32
> service. these types of images cannot be stopped by
> a admin from the process manager, they have to be
> stopped from the serives mmc under the
> admininstative tools in contol panel.
>
> since this is exactly what the first post described
> i said it was a service.
I'm subscribed to the list...and I never saw anything
from Paul to show that this is a service. Is there a
Registry key? Was there any enumeration via the SCM?
Based on Paul's initial description, you're
correct...but as I pointed out, there isn't enough
hard information. I've dealt with IR cases before
where the administrator swore that the malicious
process (an IRC bot) was "hidden" from the Task
Manager, when it was simply named something other than "maliciousIRCbot.exe".
Powered by blists - more mailing lists