Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Virus
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: what is the best procedure to track down a potentially new virus/wor

from [Caeser Augustus] Network Security [Permanent Link]
Subject: Re: what is the best procedure to track down a potentially new virus/worm/etc?
Date: Sun, 19 Dec 2004 00:30:11 +0530 
The only place where i've seen the exact same message is when when i
try a runas commadn, but type incorrect password for the username. Is
it possible that the folder in which you are creating the file, u
don't have permissions to it? ot even more, it's not a network drive?
However, I don't think that's the issue.
Just amke sure u're the admin and it should do.


On Fri, 17 Dec 2004 05:33:58 -0800 (PST), Angus Lou <tenbinza@yahoo.com> wrote:

Hi, I feel that this topic is interesting. I have
try at the command Tasklist > tasklist.txt.
However, I get this error at bottom. Do you know why?
Thank you.

ERROR: Logon failure: unknown user name or bad
password.
--- Caeser Augustus <caeser.augustus@gmail.com> wrote:


1. At a command prompt, type Netstat Ãâ"ano >
netstat.txt, and then
press ENTER. This command creates the Netstat.txt
file. This file
lists all the listening ports.
2. At the command prompt, type Tasklist >
tasklist.txt, and then press
ENTER. If the program in question runs as a service,
type Tasklist
/svc > tasklist.txt instead of Tasklist >
tasklist.txt so that the
services that are loaded in each process are listed.
3. Open the Tasklist.txt file, and then locate the
program that you
are troubleshooting. Write down the Process
Identifier for the
process, and then open the Netstat.txt file. Note
any entries that are
associated with that Process Identifier and the
protocol that is used.

From


http://support.microsoft.com/default.aspx?kbid=875357#10



Or you can try you hand at logging the IPNAT driver.
netsh ras set tracing ipnat enable
OR
netsh ras set tracing * enable

Check up the log after the session at:
%SystemRoot%\tracing

It has detailed description with path and filenames.

On Wed, 15 Dec 2004 11:31:18 +0800, xxp
<xxp@beelink.com> wrote:

hi,




It can't hurt, the ISP may or may not act on your

information, but it is

worth a shot. It would greatly help your case if

you sent them copies of

your logs containing the pertinent information..



Most of ISPs could not log the informations of

connections considered safety,

maybe you can inform them your IP infos and ask

them to record datas between you

and suspicous site.

regards,
jinjian






=====
With Regards,
Angus Lou
~~~~~~~~~~~~~~~~~~~~~
çççåèåäæåååï

__________________________________
Do you Yahoo!? 
Yahoo! Mail - Find what you need with new enhanced search.
http://info.mail.yahoo.com/mail_250
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Win32/Gaobot, Agrobot, Agobot virus info.., John
Previous by Thread:  Re: what is the best procedure to track down a potentially new virus/worm/etc?, Angus Lou
Next by Thread:  RE: what is the best procedure to track down a potentially new vi rus/worm/etc?, Ziots, Edward
Indexes:  [Date] [Thread] [Top] [All Lists]