I kinda like Hashtab. Adds a tab to file properties in explorer, supports CRC, MD5, SHA1, and a bunch of others.
http://beeblebrox.org/

> -----Original Message-----
> From: [email protected] [mailto:hardware-[email protected]] On Behalf Of Mesdaq, Ali
> Sent: Tuesday, November 02, 2010 7:06 PM
> To: [email protected]
> Subject: Re: [H] infected?
>
> MS has a tool that can generate SHA1 and MD5 hashes on files
> http://support.microsoft.com/kb/841290 . You can generate the hashes and
> either check online (http://www.virustotal.com/search.html) or send them
> to the list to see if any of us can point you in the right direction.
>
> Thanks,
> ------------------------------------------
> Ali Mesdaq (CISSP, GIAC-GREM)
> Sr. Security Researcher
> Websense Security Labs
> http://www.WebsenseSecurityLabs.com
> ------------------------------------------
>
> -----Original Message-----
> From: [email protected] [mailto:hardware-[email protected]] On Behalf Of DSinc
> Sent: Tuesday, November 02, 2010 2:37 PM
> To: [email protected]
> Subject: Re: [H] infected?
>
> Ali,
> Thanks. I do not know how to answer your question.
> My view is above filenames ATM, and, I know zip about "hashes."
> Duncan
>
> On 11/02/2010 17:14, Mesdaq, Ali wrote:
> > Got filenames and hashes?
> >
> > Thanks,
> > ------------------------------------------
> > Ali Mesdaq (CISSP, GIAC-GREM)
> > Sr. Security Researcher
> > Websense Security Labs
> > http://www.WebsenseSecurityLabs.com
> > ------------------------------------------
> >
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]] On Behalf Of DSinc
> > Sent: Tuesday, November 02, 2010 12:41 PM
> > To: HWG
> > Subject: [H] infected?
> >
> > I suspect my home LAN is infected.
> > I am chasing an odd trouble on one of my clients (jnk).
> > Today, I find I have a Non-PlugNPlay Driver labeled "catchme" in my DM view.
> > Best I can trace it to may be 10/14/2010.
> >
> > Worse, I find this item on all of my XP clients!!
> > Sorry, I forgot how to view None-PnP hidden items in W2K Server.
> > I can not view them ATM, so, I will accept that my server has this
> > item also! My bad.
> >
> > 6 hours of surfing and research leads me to rootkit.
> > How painful is the cure?
> > Best,
> > Duncan
> >
> > To report this as spam, please forward to [email protected]. Thank you.
> >
> > Protected by Websense Hosted Email Security -- www.websense.com
