• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 351
  • Last Modified:

Identifying Memory Resident Trojans

I am trying to clean up a mchine that was heavily infected and am down to the last Trojan.  This one is memory resident because every time I delete the entries in the registry, they are immediately recreated.  

How can I get a listing of memory resident services?

0
Chris_m
Asked:
Chris_m
  • 2
  • 2
1 Solution
 
ahoffmannCommented:
silly question: if you still know it is a memory trojan, why do you want to get a list?
If it is a memory trojan, shutdown, poweroff, then poweron and boot. Ready.
KISS - keep it stupid simple.
0
 
Chris_mAuthor Commented:
It may be a silly question, but I still would like to know if it is possible to get a list of tasks/services that are running in memory.

Regards
0
 
ahoffmannCommented:
does such a list help if the trojan knows to hide itself
0
 
Chris_mAuthor Commented:
Well, I hope so because adaware identifies it as virtumundo and whenever I delete the ATLEvents Registry entries in the HKEY_CLASSES_ROOT they are recreated and I cannot find the process that is causing this to happen.

Regards
0
 
tmcguinessCommented:
http://www.neuber.com/taskmanager/

This tool may help. Take a look and see.
0

Featured Post

Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now