hidden hit counter
Welcome to WindowsForumz.com!
FAQFAQ      ProfileProfile    Private MessagesPrivate Messages   Log inLog in

Infection Investigation

  
   Win 2000/NT/98/ME (Home) -> Security RSS
Next:  post sp4 patches/hotfixes  
Author Message
markb

External


Since: Jan 28, 2008
Posts: 1



(Msg. 1) Posted: Mon Jan 28, 2008 8:55 am
Post subject: Infection Investigation
Archived from groups: microsoft>public>win2000>security (more info?)
Recently a computer running Windows 2000 SP4 was infected with a worm. It
claimed to be the netsky32. I used the Malicious Software Removal Tool to
remove it. I need to find out when this system was infected. This particular
worm causes IE to launch and contact a website. So I was thinking of a tool
that will pull up a log and help me to interpret the results. I know the day
the infection occured, just not the time. The RegMon tool is great, but shows
real-time and I need to look back through the log to 14 days ago.

Please assist.
--
Markb

 >> Stay informed about: Infection Investigation 
Back to top
Login to vote
Rajdeep

External


Since: Feb 06, 2008
Posts: 1



(Msg. 2) Posted: Wed Feb 06, 2008 11:40 am
Post subject: RE: Infection Investigation [Login to view extended thread Info.]
Archived from groups: per prev. post (more info?)
Hi Mark,

Without proper information on the infection and the symptoms, its very
difficult to give a reply. However, there are certain ways by which you can
assist us. There is a very good tool called HijackThis. It would be of much
help if you can send the log of your system saved with HijackThis. However,
if you use any AntiVirus, it is recommended that you update it with the
latest definition and then do a complete system scan from Safe Mode.

HijackThis log would be appreciated as we can analyze it to assist u better.

"markb" wrote:

> Recently a computer running Windows 2000 SP4 was infected with a worm. It
> claimed to be the netsky32. I used the Malicious Software Removal Tool to
> remove it. I need to find out when this system was infected. This particular
> worm causes IE to launch and contact a website. So I was thinking of a tool
> that will pull up a log and help me to interpret the results. I know the day
> the infection occured, just not the time. The RegMon tool is great, but shows
> real-time and I need to look back through the log to 14 days ago.
>
> Please assist.
> --
> Markb

 >> Stay informed about: Infection Investigation 
Back to top
Login to vote
Display posts from previous:   
Related Topics:
Spyware - Have tried all sorts of software -- adware, spybot, cwshredder -- still having internet taken over by something. anyone know of anything that will help me?

been hacked, tlntsvr.exe cannot be shutdown - Hi, I found 27 Gig of movies and games on my server today. I was able to expunge them, although they were very sneaky and clever about changing ownership and permissions (they were hidden in RECYCLER folder). But after running AV software and..

KB832483 recurring notice - Windows Update - After installing (from Windows Update patch KB832483) and restarting my Windows 2000 servers, several of them keep notifying me again over and over to install this same patch (KB832483) during successive logins a few days later.. If I install the patc...

Lost Administrator Password - I lost the password to my Administator account. How do I recover it? Also, how can perform a reinstall without logging in via the Administrator account?

User Privilages - Hi All, I am administrator for a network and we have purchased a new software(Accounting) but for that perticular software I cannot make the user "restricted user". If i do so it gives a license issue where it stops working. Since it...
   Win 2000/NT/98/ME (Home) -> Security All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You can edit your posts in this forum
You can delete your posts in this forum
You can vote in polls in this forum

Categories:
 Windows XP
  Win 2000/NT/98/ME
 Windows Vista!

[ Contact us | Terms of Service/Privacy Policy ]