In addition to the other advice already given, if
you're still interested in trying to confirm or deny
whether this could be a root kit, even though RKDetect
found nothing...
Try scanning and inspecting the computer using the
same tools you've used, as well as up to date
anti-virus and looking at the startup values in the
Registry... but instead of using them remotely, try
using them across the network through Windows
networking from another Windows computer, or after
slaving the hard drive to another Windows system.
[Booting to another OS such as a Knoppix or
www.bitdefender.com CD to inspect the file system for
new or unusual files might help as well, although
those may not support detection of files hidden by
ADS, and many of your Windows detection tools won't
work.]
Try also searching for files that have changed in the
past day or three.
There are programs that let you inspect the programs
that start up with Windows, such as the MSCONFIG
command, Silent Runners from www.silentrunners.org
[looks in some places the others don't], Startup List,
Startup Cop, etc.
LADS from www.heysoft.de and ADSSpy will let you
inspect files hidden by ADS. Note that Windows uses
ADS for image thumbnails and XP SP2 AES zone
information. But anything malicious would probably be
easily overlooked amongst the many legitimate ADS
files you're likely to find.
I wonder whether you've run the command NETSTAT -ANO
?
Inspecting your firewall logs or running Ethereal
locally to look forfor unusual network traffic from
your system might also be helpful in some
circumstances.
- karl levinson
--- BillyBob <billybobknob@hotmail.com> wrote:
I have noticed that my XP system is behaving like
I
have a rootkit.
Any more suggestions ?
Any more rootkit finding tools for Windows ?
__________________________________
Do you Yahoo!?
Yahoo! Mail - You care about security. So do we.
http://promotions.yahoo.com/new_mail
