Trojan Horse Agent Amaw - Page 2


Re: Trojan Horse Agent Amaw

David H. Lipman wrote:
[quoted text not shown]

Looks good, I'll be trying it out. But there are other rootkit sniffers
out there. Here's an overview article:

http://windowsitpro.com/article/articleid/93360/rootkit-removal-tools.html

HTH

--
Wolf Kirchmeir

Re: Trojan Horse Agent Amaw


| David H. Lipman wrote:

[quoted text not shown]

| Looks good, I'll be trying it out. But there are other rootkit sniffers
| out there. Here's an overview article:

| http://windowsitpro.com/article/articleid/93360/rootkit-removal-tools.html

| HTH

| --
| Wolf Kirchmeir

There are others, but Gmer is the *best* :-)

It is really good at identifying and removing RootKits as well as malware using ADS.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp



Re: Trojan Horse Agent Amaw

David H. Lipman wrote:
[quoted text not shown]

Thanks. Your opinion carries weight. :-)

--
Wolf Kirchmeir

Re: Trojan Horse Agent Amaw


[quoted text not shown]

Dave, I looked at GMER, but how does the layman know what's good and what's
bad, and what, and what not to delete?



Re: Trojan Horse Agent Amaw




| Dave, I looked at GMER, but how does the layman know what's good and what's
| bad, and what, and what not to delete?

Gmer will point out what is identified as a RootKit or point out what's Hidden
as in the below...

---- Processes - GMER 1.0.14 ----

Library         D:\WINDOWS\system32:myspacce.exe (*** hidden *** ) @ D:\WINDOWS\system32:myspacce.exe [408] 0x00400000
Library         D:\WINDOWS\system32:myspacce.exe (*** hidden *** ) @ D:\WINDOWS\system32:myspacce.exe [2000] 0x00400000


---- Files - GMER 1.0.14 ----

ADS             D:\WINDOWS\system32:myspacce.exe

ADS -- Alternate Data Stream
Often used to hide malware.

http://en.wikipedia.org/wiki/Fork_(filesystem)

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
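
The triage described in the post above, as an added example that is not part of the original thread and is not GMER's own code: it parses the quoted excerpt, splits each NTFS host:stream path, and groups the hidden flag and bracketed numbers per stream. The log layout is assumed from the excerpt alone, and reading the bracketed numbers as process IDs is an assumption.

```python
import re

# Constructed sample: the GMER 1.0.14 excerpt quoted in the post, wrapped lines rejoined.
SAMPLE_LOG = r"""
---- Processes - GMER 1.0.14 ----

Library         D:\WINDOWS\system32:myspacce.exe (*** hidden *** ) @ D:\WINDOWS\system32:myspacce.exe [408] 0x00400000
Library         D:\WINDOWS\system32:myspacce.exe (*** hidden *** ) @ D:\WINDOWS\system32:myspacce.exe [2000] 0x00400000

---- Files - GMER 1.0.14 ----

ADS             D:\WINDOWS\system32:myspacce.exe
"""

SECTION_RE = re.compile(r"^---- (\w+) - GMER [\d.]+ ----$")
# Drive-letter path, then a second ':' and a stream name (NTFS "host:stream" syntax).
ADS_RE = re.compile(r'([A-Za-z]:\\[^:*?"<>|\s]*):([^\\/:*?"<>|\s]+)')
# Bracketed number after the path; assumed here to be the process ID.
PID_RE = re.compile(r"\[(\d+)\]")


def split_ads(text):
    """Return (host_path, stream_name) for the first ADS path in text, else None."""
    m = ADS_RE.search(text)
    return (m.group(1), m.group(2)) if m else None


def triage(log):
    """Group log lines by alternate data stream and record why each was flagged."""
    findings = {}
    section = None
    for line in log.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        ads = split_ads(line)
        if ads is None:
            continue
        entry = findings.setdefault(ads, {"hidden": False, "pids": set(), "sections": set()})
        entry["hidden"] |= "*** hidden ***" in line
        entry["pids"].update(int(p) for p in PID_RE.findall(line))
        entry["sections"].add(section)
    return findings


if __name__ == "__main__":
    for (host, stream), info in triage(SAMPLE_LOG).items():
        print(f"stream {stream!r} attached to {host}: {info}")
```

On the excerpt this reports one stream, myspacce.exe, attached to the system32 directory itself rather than to a file inside it, which is why it does not show up in an ordinary directory listing.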


