|
Otacon posted:My Toolkit lately has included 4 pieces of software: Thanks for the SuperANTISpyware recommendations in this thread. I'm a HUGE NOD32 fan, but it failed me today. I remembered looking at this thread, and came back, downloaded the free edition, and will now be purchasing a professional license.
|
#
¿
Dec 18, 2008 16:21
|
|
|
|
| # ¿ May 21, 2024 02:42 |
|
|
By the way, if you have things that are "hidden", and resurgent or whatever, you need this tool: http://www.gmer.net/index.php It's aimed at rootkits but really it picks up anything running on the system.
|
|
#
¿
Dec 18, 2008 21:21
|
|
|
BillWh0re posted:Different tools for different jobs mainly. Process Explorer is great for seeing whats happening with loaded modules and handles. GMER is more of a rootkit-revealer type tool and extracts a lot of information about the internal state of the Windows kernel (and even the DOS IVTs and boot sectors). This is pretty much exactly it. ProcEXP doesn't show hidden services or other things like that; this will show (and highlight in red!) the bad guys. It's small and light, but packs a mean punch (insofar as details about what's going on) and is way easy to misuse.
|
|
#
¿
Dec 18, 2008 22:39
|
|
|
hyperborean posted:If you mean things that hide in svchost or whatever, yes it does. Maybe not to the same extent? And they do have to be running, going by what BillWh0re says maybe they don't with GMER? I use ProcEXP as my task manager replacement on my work laptop, and I don't see the same thing - I've only seen hidden services here and there, but I've never seen one with ProcEXP. I unfortunately lack the terminology to explain what the difference is, but essentially I don't mean the stuff launching as a service through SVCHost (which ProcEXP will show), but services that are actually "hidden" services. There's also some weird process injection stuff that it will pick up and highlight as well - that autoruns doesn't find. It's essentially a robust rootkit revealer, but if said rootkit/hidden process/whatever is in memory, you know about it instantly. Before GMER, I would bang my head against a wall trying to figure out where the hell this poo poo was spawning from. When you get a non-standard PE386 rootkit or some poo poo, you'll understand the true power of GMER. I also like it's ability to kill every process on the system and go into GMER safe mode - without rebooting. Killing auto-regenerating files has never been easier.
|
|
#
¿
Dec 19, 2008 01:06
|
|
|
darkforce898 posted:GMER is telling me things that the Internet knows nothing about... None of these things show anything in Google, but I think the devices section is fine. I can't find references to spdz.sys on google (like you said) - find the file on your system and determine if it's related to something of value by inferring from it's location and from it's properties. The SiWinAcc seems to be related to a storage driver - so you should leave it alone. (Silicon Image makes storage controller chipsets)
|
|
#
¿
Dec 20, 2008 20:14
|
|