Tried checking it with an AV? http://quickscan.bitdefender.com
On Jul 12, 2012, at 12:06 AM, phocean wrote:

> The machine is Windows XP SP3 quite up-to-date, but not fully. Except that
> Windows Update is not working anymore.
> One of the symptoms.
>
> I described the issues there:
> http://www.phocean.net/2012/06/30/rootkit-in-my-lab.html
> http://www.phocean.net/2012/07/11/rootkit-in-my-lab-part-ii.html
>
> You will see why some symptoms make me think about a rootkit.
>
> You are right, it could be some Windows being messed up.
> But it actually happened on a pretty fresh install: I finished setting XP and
> tens of analysis tools (I aimed this box to be my fresh reversing system).
> So even if possible, it sounds strange that a machine gets corrupted so
> quickly. And of course, I suspect some of these tools, got from multiple
> downloads.
> At last, I could analyse them one by one of course, but there are many so it
> would be painful (and I am not sure that I kept all setups).
>
> --- phocean
>
>
> On 11 Jul 2012, at 22:51, [email protected] wrote:
>
>> On Wed, 11 Jul 2012 22:42:42 +0200, phocean said:
>>> I have a lab virtual machine that behaves as if it was owned by a
>>> rootkit: weird behavior with system certificates and keyboard driver.
>>
>> Out of curiosity, why are you guessing it's a rootkit, rather than just
>> another case of Windows being messed up and needing fixing?
>>
>> What release of Windows? When did it start misbehaving? Was that
>> anytime near Patch Tuesday?
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
