[plug] Nasty windows viruses (somewhat on topic, really!)

Michael Holland myk at westnet.com.au
Wed Jul 14 10:31:27 WST 2004


You could make an expendable copy of part of a Windows partition, and
"share" it. The trojan might be looking at the \windows or
"Documents and Settings". Raise the log/debug level. You couldn't expect
it to normally log every action.
  Then let the trojan loose, and compare data to the original later, as
well as atimes. I'd guess SMB can reset mtime on modified files, but not atime?
  Also watch the firewall for possible attempts to send data home.


--
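
The compare step suggested in the post above, as an added example that is not part of the original message: it baselines the expendable copy (hash, mtime, atime per file) and later reports files whose content changed while mtime stayed the same, and files that were only read. The function names, the command-line form and the state file are hypothetical, and atime results assume the copy is not on a `noatime` mount.

```python
import hashlib, json, os, sys

def snapshot(root):
    """Map relative path -> [sha256, mtime_ns, atime_ns] for each file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)  # timestamps first, before we read the content
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            # Hashing reads the file; restore timestamps so we don't disturb atime.
            os.utime(path, ns=(st.st_atime_ns, st.st_mtime_ns))
            snap[os.path.relpath(path, root)] = [digest, st.st_mtime_ns, st.st_atime_ns]
    return snap

def compare(before, after):
    """Return {path: [findings]} for every file that differs between snapshots."""
    findings = {}
    for path in sorted(set(before) | set(after)):
        if path not in after:
            findings[path] = ["deleted"]
        elif path not in before:
            findings[path] = ["created"]
        else:
            (h0, m0, a0), (h1, m1, a1) = before[path], after[path]
            notes = []
            if h0 != h1:
                notes.append("content changed")
                if m0 == m1:
                    notes.append("mtime unchanged (reset?)")
            if a0 != a1:
                notes.append("atime changed (read)")
            if notes:
                findings[path] = notes
    return findings

if __name__ == "__main__":
    # Hypothetical usage: script.py baseline|check <copy_root> <state.json>
    mode, root, state = sys.argv[1:4]
    if mode == "baseline":
        with open(state, "w") as fh:
            json.dump(snapshot(root), fh)
    else:
        with open(state) as fh:
            report = compare(json.load(fh), snapshot(root))
        for path, notes in report.items():
            print(path + ": " + "; ".join(notes))
```

Run the baseline before sharing the copy and the check from the Linux side afterwards, so the comparison does not depend on anything the Windows machine reports.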