Focus on Virus
what is the best procedure to track down a potentially new virus/worm/etc? Dec 10 2004 06:50PM
Rodrigo Ventura (yoda isr ist utl pt) (5 replies)
Re: what is the best procedure to track down a potentially new virus/worm/etc? Dec 14 2004 11:59PM
GuidoZ (uberguidoz gmail com)
RE: what is the best procedure to track down a potentially new virus/worm/etc? Dec 14 2004 10:21PM
Roger Padilla Jr (ropadill calpoly edu)
Re: what is the best procedure to track down a potentially new virus/worm/etc? Dec 14 2004 09:14PM
Phil Nelson (pdn PhilNelson DNSalias net)
Re: what is the best procedure to track down a potentially new virus/worm/etc? Dec 14 2004 08:25PM
John Barton (jbarton technicalworks net)
Re: what is the best procedure to track down a potentially new virus/worm/etc? Dec 14 2004 08:19PM
John Barton (jbarton technicalworks net) (1 replies)

>
> It it were UNIX, I could use commands like socklist and netstat to
> track down the malware processes. But in Windows XP, I don't know what
> to use. Are there any built-in utilities? Some freeware stuff? All
> help is welcome.

There should be something here you can use to determine which process is
the culprit...

>
> And regarding the IRC server IPs, is it worthwhile to report them to
> the authorities specified in the whois databases?
>

It can't hurt, the ISP may or may not act on your information, but it is
worth a shot. It would greatly help your case if you sent them copies of
your logs containing the pertinent information..

> Cheers,
>
> Rodrigo
>
Regards,
-John

John Barton
jbarton (at) technicalworks (dot) net [email concealed]

[ reply ]
Re: what is the best procedure to track down a potentially new virus/worm/etc? Dec 15 2004 01:56AM
Rich Gardner (rich gardner gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus