RE: [Full-Disclosure] Looking for a tool

2004-03-01 Thread Tremaine Lea
> -Original Message- > From: Schmehl, Paul L [mailto:[EMAIL PROTECTED] > Sent: Monday, March 01, 2004 3:38 PM > To: [EMAIL PROTECTED] > Subject: [Full-Disclosure] Looking for a tool > > I ran into a situation today where neither Foundstone's > Process Explorer nor Sysinternals' "pslist"

RE: [Full-Disclosure] Looking for a tool

2004-03-01 Thread Nick Jacobsen
Well, I usually use *sysinternals* Process Explorer, and have yet to see it fail to list a process... how do you know the process exists, if you can't list it? Nick J. -Original Message- From: Schmehl, Paul L Sent: Mon 3/1/2004 2:37 PM To: [EMAIL PROTEC

RE: [Full-Disclosure] Looking for a tool

2004-03-01 Thread Schmehl, Paul L
-Original Message- From: Nick Jacobsen [mailto:[EMAIL PROTECTED] Sent: Monday, March 01, 2004 5:31 PM To: Schmehl, Paul L; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Looking for a tool Well, I usually use *sysinternals* Process Explorer, and have yet

Re: [Full-Disclosure] Looking for a tool

2004-03-01 Thread Tim
I am no windoze kernel expert, but could your culprit be a kernel thread of some sort? tim ___ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html

RE: [Full-Disclosure] Looking for a tool

2004-03-01 Thread axid3j1al axid3j1al
I once had the same problem. Run msconfig and then boot with a minimal set of drivers. Try safe mode? Then try the sysinternal tools again. e.g. I could not see an exe in the task manager in normal mode (i.e. could not kill it) but then in the restricted mode it did appear and then I could easily

RE: [Full-Disclosure] Looking for a tool

2004-03-01 Thread Tiago Halm
arço de 2004 23:37 To: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Looking for a tool -Original Message- From: Nick Jacobsen [mailto:[EMAIL PROTECTED] Sent: Monday, March 01, 2004 5:31 PM To: Schmehl, Paul L; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure]

Re: [Full-Disclosure] Looking for a tool

2004-03-02 Thread Lan Guy
for a tool -Original Message- From: Nick Jacobsen [mailto:[EMAIL PROTECTED] Sent: Monday, March 01, 2004 5:31 PM To: Schmehl, Paul L; [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Looking for a tool Well, I usually use *sysinternals* Process Explorer, and have y

Re: [Full-Disclosure] Looking for a tool

2004-03-02 Thread Gregh
- Original Message - From: Lan Guy To: Schmehl, Paul L ; [EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 7:12 PM Subject: Re: [Full-Disclosure] Looking for a tool > I have this happen with a dll attached to iexplore.exe. > The dll was placing pornography in a new IE

Re: [Full-Disclosure] Looking for a tool

2004-03-02 Thread Dave Howe
Gregh wrote: > A simple spyware remover would have rid of that for you with no need > to go to a lot of trouble. On the other hand - it is better for a techie to know *how* to do that from first principles, just in case the automated method doesn't work. __

Re: [Full-Disclosure] Looking for a tool

2004-03-02 Thread Gregh
- Original Message - From: "Dave Howe" <[EMAIL PROTECTED]> To: "Email List: Full Disclosure" <[EMAIL PROTECTED]> Sent: Tuesday, March 02, 2004 11:18 PM Subject: Re: [Full-Disclosure] Looking for a tool > Gregh wrote: > > A simple spyware remov

RE: [Full-Disclosure] Looking for a tool

2004-03-02 Thread Jos Osborne
>...and on the other hand, spending time taking a computer out of the loop >and all that entails is much better than getting the job done without fuss? > >Where? want to work there! Please tell me where! :) > >In other words, learn off the job and apply sensible practice once there! So what you'

Re: [Full-Disclosure] Looking for a tool

2004-03-02 Thread auto4751
try taskinfo, www.iarsn.com, make sure 2 run as admin coz it uses a driver hth, -g33k_sp33k > I ran into a situation today where neither Foundstone's Process > Explorer nor Sysinternals' "pslist" would list the master process that > was controlling some processes that I was trying to kill. Does a

RE: [Full-Disclosure] Looking for a tool

2004-03-02 Thread Tony
    From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Schmehl, Paul L Sent: Monday, March 01, 2004 3:37 PM To: [EMAIL PROTECTED] Subject: RE: [Full-Disclosure] Looking for a tool   -Original Message- From: Nick Jacobsen [mailto:[EMAIL PROTECTED] Sent: Monday, March 01, 2004

Re: [Full-Disclosure] Looking for a tool

2004-03-02 Thread Dave Howe
Gregh wrote: > ...and on the other hand, spending time taking a computer out of the > loop and all that entails is much better than getting the job done > without fuss? And indeed this is the principle usually applied to motor cars - you know how to start and stop them and point them in vaguely the

RE: [Full-Disclosure] Looking for a tool

2004-03-02 Thread Nicob
On Tue, 2004-03-02 at 00:36, Schmehl, Paul L wrote: > Well, I usually use *sysinternals* Process Explorer, and have > yet to see it fail to list a process... how do you know the > process exists, if you can't list it? > > Real simple. I have randomly name

RE: [Full-Disclosure] Looking for a tool

2004-03-02 Thread Jeremiah Cornelius
Arne Vidstrom has something useful here: http://ntsecurity.nu/toolbox/ ListModules ListModules lists the modules (EXE's and DLL's) that are loaded into a process. This can be useful in a forensic investigation. > OS: Windows NT 4.0 / 2000

Re: [Full-Disclosure] Looking for a tool

2004-03-02 Thread Harlan Carvey
Paul, > I ran into a situation today where neither > Foundstone's Process Explorer > nor Sysinternals' "pslist" would list the master > process that was > controlling some processes that I was trying to > kill. Does anyone on > the list know of a better utility that will list > *all* running pro

Re: [Full-Disclosure] Looking for a tool

2004-03-02 Thread Gregh
- Original Message - From: "Jos Osborne" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, March 03, 2004 1:09 AM Subject: RE: [Full-Disclosure] Looking for a tool > >...and on the other hand, spending time taking a computer out of the loop >

Re: [Full-Disclosure] Looking for a tool

2004-03-02 Thread Gregh
- Original Message - From: "Dave Howe" <[EMAIL PROTECTED]> To: "Email List: Full Disclosure" <[EMAIL PROTECTED]> Sent: Wednesday, March 03, 2004 1:54 AM Subject: Re: [Full-Disclosure] Looking for a tool > Gregh wrote: > > ...and on the other han

Re: [Full-Disclosure] Looking for a tool

2004-03-03 Thread Gregh
- Original Message - From: "Brad Griffin" <[EMAIL PROTECTED]> To: "Gregh" <[EMAIL PROTECTED]>; "Dave Howe" <[EMAIL PROTECTED]> Cc: "Lan Guy" <[EMAIL PROTECTED]>; "Schmehl, Paul L" <[EMAIL PROTECTED]> Sent: Wed

RE: [Full-Disclosure] Looking for a tool

2004-03-03 Thread Aditya, ALD [Aditya Lalit Deshmukh]
> I am no windoze kernel expert, but could your culprit be a kernel thread > of some sort? windows kernel thread? no, methinks it's a service

RE: [Full-Disclosure] Looking for a tool

2004-03-03 Thread Harlan Carvey
Just out of curiosity, would it be ok to not speculate? Speculation turns IR activities to crap very, very quickly... --- "Aditya, ALD [Aditya Lalit Deshmukh]" <[EMAIL PROTECTED]> wrote: > > I am no windoze kernel expert, but could your > culprit be a kernel thread > > of some sort? > > windows

RE: [Full-Disclosure] Looking for a tool

2004-03-04 Thread Aditya, ALD [Aditya Lalit Deshmukh]
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Harlan > Carvey > Sent: Thursday, March 04, 2004 12:23 AM > To: [EMAIL PROTECTED]; Tim; Schmehl, Paul L > Cc: [EMAIL PROTECTED] > Subject: RE: [Full-Disclosure] Looking for a

RE: [Full-Disclosure] Looking for a tool

2004-03-04 Thread Harlan Carvey
> ok i was not speculating, this process is a win32 > service. these types of images cannot be stopped by > an admin from the process manager, they have to be > stopped from the services mmc under the > administrative tools in control panel. > > since this is exactly what the first post described