Thanks, Jackie. That's a great help.

George.

-----Original Message-----
From: blind-sysadmins-bounces@lists.hodgsonfamily.org [mailto:blind-sysadmins-bounces@lists.hodgsonfamily.org] On Behalf Of Jackie McBride
Sent: 26 April 2011 13:42
To: Blind sysadmins list
Subject: Re: [Blind-sysadmins] Malware taking over PC's

George, dc it from the network, then download hijackthis from www.trendmicro.com. It's under downloads > free tools > cleanup. U can put it on a flash drive & xfer it to the infected machine.

Please note that this program lists both good & bad stuff, some of which, if u delete it, will kill your machine, so having a trained person look at it is recommended. It also does not find stuff like rootkits, for which u should likely use something like process explorer. What it does do is list those parts of the registry where malware can be run from, &, as such, is an excellent starting point for ferreting out the baddies.

Also netstat /B (note the uppercase b) from the command line can give u an idea of active connections. U will want to run that b4 u kill the network connection, obviously. Piping the command to a file so u can look at it later would probably b helpful.

Let me know if u need more help, though, having said thus, I'll be out most of the day.

On 4/26/11, George Bell <george@techno-vision.co.uk> wrote:
I'm looking for advice and suggestions on software for tracking down malware which appears to be using a PC to perform massive downloads.
To describe the issue, Virgin are claiming that a system has downloaded over 700 GIGA bytes on a 50 GB cable connection. The machine is never left on overnight or for extended periods of non-use.
Sadly, Virgin are not being very helpful.
Any ideas?
George.
_______________________________________________
Blind-sysadmins mailing list
Blind-sysadmins@lists.hodgsonfamily.org
http://lists.hodgsonfamily.org/listinfo/blind-sysadmins
--
Blame the computer--why not? It can't defend itself & occasionally might even be the culprit
Jackie McBride
Jaws Scripting training materials: www.screenreaderscripting.com
homePage: www.abletec.serverheaven.net
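
One way to review the file saved from netstat /B, as suggested in the thread above (an added example, not part of the original messages): it groups each connection under the executable that owns it so the busiest processes stand out. The sample output, addresses and process names are constructed, and the parser assumes the usual English layout where the owning executable appears in square brackets after its connection line; a connection count shows who is talking, not how much data was moved.

```python
import re
from collections import defaultdict

# Constructed sample of saved `netstat /B` output; addresses and names are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49172     203.0.113.5:443        ESTABLISHED
 [browser.exe]
  TCP    192.168.1.10:49180     198.51.100.7:80        ESTABLISHED
  wuauserv
 [svchost.exe]
  TCP    192.168.1.10:49201     198.51.100.99:6881     ESTABLISHED
 [unknown_app.exe]
  TCP    192.168.1.10:49202     198.51.100.98:6881     ESTABLISHED
 [unknown_app.exe]
  TCP    192.168.1.10:49210     203.0.113.77:443       TIME_WAIT
 Can not obtain ownership information
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")  # UDP has no state
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # e.g. " [svchost.exe]"

def connections_by_owner(text):
    """Map each owning executable to its list of (proto, remote, state)."""
    result = defaultdict(list)
    pending = None  # connection line still waiting for its owner line
    for line in text.splitlines():
        conn, owner = CONN.match(line), OWNER.match(line)
        if conn:
            if pending:  # previous connection never got an owner line
                result["(unknown)"].append(pending)
            pending = (conn.group(1), conn.group(3), conn.group(4) or "")
        elif pending and (owner or "ownership information" in line):
            name = owner.group(1).lower() if owner else "(unknown)"
            result[name].append(pending)
            pending = None
        # any other line (headers, service names such as "wuauserv") is skipped
    if pending:
        result["(unknown)"].append(pending)
    return dict(result)

def report(text):
    counts = [(o, len(c)) for o, c in connections_by_owner(text).items()]
    return sorted(counts, key=lambda x: (-x[1], x[0]))  # busiest first

if __name__ == "__main__":
    for owner, count in report(SAMPLE):
        print(f"{count:3d}  {owner}")
```

Entries listed under "(unknown)" are connections for which netstat could not name an owner, which usually means the command was not run from an elevated prompt.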