[unisog] Compromised student system

Will Saxon WillS at housing.ufl.edu
Fri Feb 7 14:23:03 GMT 2003


Sysinternals.com has a free utility called handle.exe that might help you out. I think it matches filenames to pids. They have a couple of other free tools that you could probably use to track this down.

-Will

> -----Original Message-----
> From: Chris Wilson [mailto:chrisw at nipissingu.ca]
> Sent: Thursday, February 06, 2003 2:22 PM
> To: unisog at sans.org
> Subject: [unisog] Compromised student system
> 
> 
> We are currently looking at a student system that is running 
> Win XP home. The system seems to be doing a lot on port 25, 
> but we have been unable to find out what processes are running 
> on the system.
> 
> 
> When the task manager is attempted to be opened it is auto 
> closing itself almost instantly.
> 
> Many ports are open when looked at with netstat -ANO 
> 
> 
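
An added example, not part of the original posts: one way to turn saved `netstat -ano` output into a per-PID summary of outbound port 25 connections, so the owning PID can then be looked up with a process tool such as those mentioned above. The sample output, addresses, PIDs and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (documentation addresses, made-up PIDs).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       1412
  TCP    192.0.2.10:1045        198.51.100.7:25        ESTABLISHED     1412
  TCP    192.0.2.10:1046        198.51.100.9:25        SYN_SENT        1412
  TCP    192.0.2.10:1047        203.0.113.25:25        ESTABLISHED     1412
  TCP    192.0.2.10:1050        203.0.113.80:80        ESTABLISHED     2020
  UDP    0.0.0.0:1900           *:*                                    1100
"""

# UDP rows have no State column, so that group is optional.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_0-9]+)\s+)?(\d+)\s*$")

def parse_netstat(text):
    """Return one dict per connection row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, local, foreign, state, pid = m.groups()
        # rpartition keeps IPv6 literals such as [::]:135 intact on the host side.
        lhost, _, lport = local.rpartition(":")
        rhost, _, rport = foreign.rpartition(":")
        rows.append({"proto": proto, "lhost": lhost, "lport": lport,
                     "rhost": rhost, "rport": rport,
                     "state": state, "pid": int(pid)})
    return rows

def smtp_talkers(rows, port="25"):
    """Map PID -> sorted remote hosts it is connecting to on the given remote port."""
    by_pid = defaultdict(set)
    for r in rows:
        if r["proto"] == "TCP" and r["rport"] == port and r["state"] != "LISTENING":
            by_pid[r["pid"]].add(r["rhost"])
    return {pid: sorted(hosts) for pid, hosts in by_pid.items()}

def listeners(rows, pid):
    """Local ports a given PID is listening on (useful once a suspect PID is known)."""
    return sorted(int(r["lport"]) for r in rows
                  if r["pid"] == pid and r["state"] == "LISTENING")

if __name__ == "__main__":
    parsed = parse_netstat(SAMPLE)
    for pid, hosts in smtp_talkers(parsed).items():
        print(f"PID {pid}: {len(hosts)} SMTP peers {hosts}, listening on {listeners(parsed, pid)}")
```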


