[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Identifying Memory Resident Trojans

Posted on 2004-10-23
5
Medium Priority
?
348 Views
Last Modified: 2010-04-11
I am trying to clean up a mchine that was heavily infected and am down to the last Trojan.  This one is memory resident because every time I delete the entries in the registry, they are immediately recreated.  

How can I get a listing of memory resident services?

0
Comment
Question by:Chris_m
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12388619
silly question: if you still know it is a memory trojan, why do you want to get a list?
If it is a memory trojan, shutdown, poweroff, then poweron and boot. Ready.
KISS - keep it stupid simple.
0
 

Author Comment

by:Chris_m
ID: 12393422
It may be a silly question, but I still would like to know if it is possible to get a list of tasks/services that are running in memory.

Regards
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12394906
does such a list help if the trojan knows to hide itself
0
 

Author Comment

by:Chris_m
ID: 12398007
Well, I hope so because adaware identifies it as virtumundo and whenever I delete the ATLEvents Registry entries in the HKEY_CLASSES_ROOT they are recreated and I cannot find the process that is causing this to happen.

Regards
0
 
LVL 4

Accepted Solution

by:
tmcguiness earned 200 total points
ID: 12398969
http://www.neuber.com/taskmanager/

This tool may help. Take a look and see.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
A new hacking trick has emerged leveraging your own helpdesk or support ticketing tools as an easy way to distribute malware.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question