On Thu, 2004-12-23 at 21:22 -0500, Carilda A Thomas wrote: <snip> > Task manager is also > destroyed, so there is no help there. <snip> Try using filemon, regmon, pstools and tcpview from www.sysinternals.com. As long as the attacker hasn't hijacked any system calls this should provide enough information to at least recognise a rogue program. With Regards.. Barrie Dempster (zeedo) - Fortiter et Strenue http://www.bsrf.org.uk [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html