At 09:39 AM 26/05/2010, Christopher Fisk wrote:
On Wed, 26 May 2010, Thane Sherrington wrote:
Have you tried using an MD5 hash on the files in the Windows folder
and subfolders and compared it to a known good hash to try to find
infections? I've been playing with that.
Nope, so far I've been pretty lucky by sorting by date changed and
seeing if files show up with modified dates that don't make
sense. Allows a quick visual infection scan in the various folders
that hold dll, exe and sys files.
That's not a bad idea either. I should automate something like that
in my system.
T
