Hi,
Just wanted to add my $0.02. If the original poster was genuine then the
methodology is IMHO flawed. It is a difficult problem to check for 'hacking
tools', the name is only a rename away. It is by far safer to checksum
known clean files (80% or more executable will be on an install CD) and
then flag those file that are unknown and investigate them.
pob
PS See my sig. my opinions may be skewed by virtue of my employer. Opinions
stated are not necessarily those of my employer.
--
Paul Baccas, Virus Researcher, Sophos Anti-Virus
Email: [EMAIL PROTECTED], Tel: 01235 559933, Web: www.sophos.com
US Support: +1 888 SOPHOS 9 UK Support: +44 1235 559933
