I wouldnt run detection tools from the OS, use a BootCD. Pref: FIRE or Knoppix/Knoppix-STD
FIRE by DMZ Services Inc. http://fire.dmzs.com/ Knoppix STD 0.1 http://www.knoppix-std.org/ KNOPPIX Bootable Linux CD http://www.knopper.net/knoppix/index-en.html Good Luck, Dominick S. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of BillyBob Sent: Saturday, October 23, 2004 12:05 PM To: Full Disclosure Subject: [Full-Disclosure] Help, possible rootkit I have noticed that my XP system is behaving like I have a rootkit. - My mouse is jumpy (it freezes for a second when I move it around the desktop) and the minimized Taskmanager in the systray shows I have around 25 - 30 % usage, but when I open it, there is no process listed using this much. - I did a netstat, fport, openports and none of these show that I have any odd ports open or any connections established. - even when I disconnect from the Internet these symptoms do not stop. They stop if I reboot, but then start again. I have ran VICE, Klister, PatchFinder and RkDetect from rootkit.com and they could not find anything. Any more suggestions ? Any more rootkit finding tools for Windows ? Thanks Bill _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
