Solved

Identifying Memory Resident Trojans

Posted on 2004-10-23
339 Views
Last Modified: 2010-04-11
I am trying to clean up a mchine that was heavily infected and am down to the last Trojan.  This one is memory resident because every time I delete the entries in the registry, they are immediately recreated.  

How can I get a listing of memory resident services?

0
Question by:Chris_m
    5 Comments
     
    LVL 51

    Expert Comment

    by:ahoffmann
    silly question: if you still know it is a memory trojan, why do you want to get a list?
    If it is a memory trojan, shutdown, poweroff, then poweron and boot. Ready.
    KISS - keep it stupid simple.
    0
     

    Author Comment

    by:Chris_m
    It may be a silly question, but I still would like to know if it is possible to get a list of tasks/services that are running in memory.

    Regards
    0
     
    LVL 51

    Expert Comment

    by:ahoffmann
    does such a list help if the trojan knows to hide itself
    0
     

    Author Comment

    by:Chris_m
    Well, I hope so because adaware identifies it as virtumundo and whenever I delete the ATLEvents Registry entries in the HKEY_CLASSES_ROOT they are recreated and I cannot find the process that is causing this to happen.

    Regards
    0
     
    LVL 4

    Accepted Solution

    by:
    http://www.neuber.com/taskmanager/

    This tool may help. Take a look and see.
    0

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Highfive + Dolby Voice = No More Audio Complaints!

    Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

    When the confidentiality and security of your data is a must, trust the highly encrypted cloud fax portfolio used by 12 million businesses worldwide, including nearly half of the Fortune 500.
    Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

    884 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now