Does anyone know which infection always has the NICK set to start with
a caret ^?
Thanks!
On Sat, May 17, 2008 at 4:10 AM, <admin (at) systemstates (dot) net [email concealed]> wrote:
>
> Hi Tony,
>
> Never seen this before with a bot - would be worth running some of the
> rootkit checking programs (e.g. Rootkit Revealer -
> http://technet.microsoft.com/en-gb/sysinternals/bb897445.aspx) and
> having a look through the startup entries using HijackThis.
>
> Having said that, if it comes up 'clean', you still won't know for sure.
> It might be better to scrub the box and start again from known good
> backups.
>
> cheers,
>
> --
> www.systemstates.net - penetration test / IDS / incident response
>
>
>
> -------- Original Message --------
> Subject: Possible Zombie/Bot?
> From: "Tony Raboza" <tonyraboza (at) gmail (dot) com [email concealed]>
> Date: Mon, May 12, 2008 2:08 pm
> To: incidents (at) securityfocus (dot) com [email concealed]
>
>
> I'm thinking this might be a sign that this PC is part of a botnet?
> How can I be certain? And what kind of botnet/worm exhibits the
> behavior as above?
> Thank you very much.
>
>
>
> Sincerely,
> Tony
>
>