lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: dywypi at (Sam Gentle)
Subject: List of worm and trojan files

> Perhaps I should clarify about this list thing:  A friend of mine is 
> apparently running a rogue email server and a rogue ftp server, and 
> none of the virus checkers we have tried will determine what program 
> or where.  I looked for a windows equivalent to lsof but there doesn't 
> appear to be one - the one I found can only determine the program if 
> it sees a packet go by and cannot find a quiescent program.  The A/V 
> checkers do not flag an email server, considering it a legitimate 
> program.  Task manager is also destroyed, so there is no help there.  
> I was hoping to find a list of illegitimate files for which I could 
> check.
> Thanks to those who sent advice and assistance.

In your case I would definitely advise having a look at a couple of 
Sysinternals tools. Specifically, "Process Explorer" allows you to 
display open sockets for a process, and "TCPView" will list all open 
(and listening) sockets and their associated processes. I assume you're 
talking about an NT-based system here, as under 9x/ME these tools are 
regretfully castrated by the lack of appropriate OS features.

Oh, and you may want to check out another utility, also from 
Sysinternals, called "autoruns", which can give you a list of non-system 
programs in starting locations, including BHOs and shell extensions. 
(Though I'd actually recommend NirSoft's ShellExView for the latter if 
you plan to do any serious messing around.)


Powered by blists - more mailing lists