lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <009c01c45be4$e694d080$bc7f013d@c5>
From: aditya.deshmukh at online.gateway.technolabs.net (Aditya, ALD [ Aditya Lalit Deshmukh ])
Subject: "Sample" not running but preventing Win2k from Shutdown

> I was fishing for some nice MSIE "plugins" on some porn sites and
> found a mysterious one. It does not appear anywhere, neither in my
> Firewall nor as a toolbar, and there is no new process running on
> the sandbox machine. But whenever I try to shut it down or reboot
> it, an application called "sample" does not want to terminate
> voluntarily. As said before, there is no such app in the process
> list before shutting down, and there is no unknown sample*.* file
> on any of the sandbox'es hard disks. Does anyone know this "sample"?

in win2k there an  api which makes the process invisible. can you get the the exact plugin that is causing this. internet explorer has some browser objects that have access to all the to what ever IE has and there might be no visible tool bar ie it might be 1X1 pixels big. so you see nothing and there is no listed process as it is a partof internet explorer. is IE running all the time ? 

it also might be a out of process com server creeated by ie that reefuses to shut down. 

the sample*.* does not exist because it might be sprawned by some other process and clenaed up on execution or the sample might be the "window title" param and not the file name. please get a program that maps the programs that are running to file names on disk and that should be able to get what is going on ....


-aditya
??????????????????????????????????????????????????????
?b???v?"?.axZ?x??????Gb?*'??.?[kj???.?j)m???r??

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ