[unisog] Compromised student system
WillS at housing.ufl.edu
Fri Feb 7 14:23:03 GMT 2003
Sysinternals.com has a free utility called handle.exe that might help you out. I think it matches filenames to pids. They have a couple of other free tools that you could probably use to track this down.
> -----Original Message-----
> From: Chris Wilson [mailto:chrisw at nipissingu.ca]
> Sent: Thursday, February 06, 2003 2:22 PM
> To: unisog at sans.org
> Subject: [unisog] Compromised student system
> We are currently looking at a student system that is running
> Win XP Home. The system seems to be doing a lot on port 25,
> but we have been unable to find out what processes are running
> on the system.
> When the task manager is attempted to be opened, it is auto
> closing itself almost instantly.
> Many ports are open when looked at with netstat -ANO