Ali, Thanks. I do not know how to answer your question. My view is above filenames ATM, and, I know zip about "hashes." Duncan
On 11/02/2010 17:14, Mesdaq, Ali wrote:
Got filenames and hashes? Thanks, ------------------------------------------ Ali Mesdaq (CISSP, GIAC-GREM) Sr. Security Researcher Websense Security Labs http://www.WebsenseSecurityLabs.com ------------------------------------------ -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of DSinc Sent: Tuesday, November 02, 2010 12:41 PM To: HWG Subject: [H] infected? I suspect my home LAN is infected. I am chasing an odd trouble on one of my clients (jnk). Today, I find I have a Non-PlugNPlay Driver labeled "catchme" in my DM view. Best I can trace it to may be 10/14/2010. Worse, I find this item on all of my XP clients!! Sorry, I forgot how to view None-PnP hidden items in W2K Server. I can not view them ATM, so, I will accept that my server has this item also! My bad. 6 hours of surfing and research leads me to rootkit. How painful is the cure? Best, Duncan To report this as spam, please forward to [email protected]. Thank you. Protected by Websense Hosted Email Security -- www.websense.com
