hmmmmmmm..
This seems reminiscent of a semi-new breed of Trojan-Horse applications that contain an internal database of "known" AntiVirus software executable names (how ironic) to terminate upon execution. You probably can't start norton OR kaspersky if you decide to install it because this program is already in memory and is monitoring for AV utilities to terminate as soon as you start/install them.
Of course I could be wrong, just a thought.
Now, you'll have to check every known start-up method and remove suspicious entries so that they are unable to start up with the rest of your "legit" programs. Also download an enhanced process viewer (procexp from sysinternals is my favorite for win32/64) and terminate suspicious shit that's been loaded in memory.
Check netstat.exe to determine if your system is listening on any suspicious TCP/UDP ports as well, if possible use a process-to-endpoint mapper to see what processes are bound to particular ports. BTW if you've been infected with on of the newer trojans that use "cloaking technology" via the use of API-hooks, I have to say you're fucked and re-format unless your some kind of computer engineer. heh.
-good luck
|
06-05-2003, 00:03
Similar Threads
Threaded Mode