Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: what is the best procedure to track down a potentially new vi rus/wo

from [Ziots, Edward] Network Security [Permanent Link]
Subject: RE: what is the best procedure to track down a potentially new vi rus/worm/etc?
Date: Thu, 16 Dec 2004 11:26:42 -0500 
Even better, you can get tcpvcon from www.sysinternals.com and track ports
to the process that is loading it. Once you know your normal baseline
activity then you can detect rogue .exe's and other items that would be
spitting malicious traffic onto your newtwork. Also try out there
autoruns.exe utility which works wonders. 

EZ

Edward Ziots
Windows NT/Citrix Administrator
Lifespan Network Services
MCSE,MCSA,MCP+I,M.E,CCA,Security +, Network +
eziots@lifespan.org
Cell:401-639-3505
Pager:401-350-5284

********************** 
Confidentiality Notice 
**********************
The information transmitted in this e-mail is intended only for the person
or entity to which it is addressed and may contain confidential and/or
privileged information. Any review, retransmission, dissemination or other
use of or taking of any action in reliance upon this information by persons
or entities other than the intended recipient is prohibited. 
If you received this e-mail in error, please contact the sender and delete
the e-mail and any attached material immediately. Thank you.





-----Original Message-----
From: Caeser Augustus [mailto:caeser.augustus@gmail.com]
Sent: Wednesday, December 15, 2004 11:18 PM
To: xxp
Cc: focus-virus@securityfocus.com
Subject: Re: what is the best procedure to track down a potentially new
virus/worm/etc?


1. At a command prompt, type Netstat âano > netstat.txt, and then
press ENTER. This command creates the Netstat.txt file. This file
lists all the listening ports.
2. At the command prompt, type Tasklist > tasklist.txt, and then press
ENTER. If the program in question runs as a service, type Tasklist
/svc > tasklist.txt instead of Tasklist > tasklist.txt so that the
services that are loaded in each process are listed.
3. Open the Tasklist.txt file, and then locate the program that you
are troubleshooting. Write down the Process Identifier for the
process, and then open the Netstat.txt file. Note any entries that are
associated with that Process Identifier and the protocol that is used.


From http://support.microsoft.com/default.aspx?kbid=875357#10



Or you can try you hand at logging the IPNAT driver.
netsh ras set tracing ipnat enable
OR
netsh ras set tracing * enable

Check up the log after the session at:
%SystemRoot%\tracing

It has detailed description with path and filenames.

On Wed, 15 Dec 2004 11:31:18 +0800, xxp <xxp@beelink.com> wrote:

hi,




It can't hurt, the ISP may or may not act on your information, but it is
worth a shot. It would greatly help your case if you sent them copies of
your logs containing the pertinent information..



Most of ISPs could not log the informations of connections considered

safety,

maybe you can inform them your IP infos and ask them to record datas

between you

and suspicous site.

regards,
jinjian
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • RE: what is the best procedure to track down a potentially new vi rus/worm/etc?, Ziots, Edward <=
Previous by Date:  Re: what is the best procedure to track down a potentially new virus/worm/etc?, Caeser Augustus
Next by Date:  REVIEW: "Computer Viruses for Dummies", Peter Gregory, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Previous by Thread:  what is the best procedure to track down a potentially new virus/worm/etc?, Rodrigo Ventura
Next by Thread:  REVIEW: "Computer Viruses for Dummies", Peter Gregory, Rob, grandpa of Ryan, Trevor, Devon & Hannah
Indexes:  [Date] [Thread] [Top] [All Lists]