Security Basics mailing list archives
Re: worm that crashes win explorer upon search
From: keydet89 () yahoo com
Date: 2 Aug 2005 20:23:19 -0000
This seems to be somehow associated with the shell, so go to SysInternals.com, and get a copy of listdlls.exe, as well as handle.exe.

Go to a system on which this activity does NOT occur, and run the tools, getting all the information you can for the explorer.exe process. For handle.exe, use the '-a' switch. Then go to a couple of systems that are affected by this behaviour and run the same commands, and then look through the files to see what's different. Again, you're only interested in the Explorer.exe process for the moment.

Start w/ listdlls.exe first, and save handle.exe if you don't find anything. What you're looking for is additional (possibly misbehaving) DLLs that may be loaded, or different versions of those DLLs.

HTH,

H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://windowsir.blogspot.com
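
The comparison described in the message above, as an added example that is not part of the original post: it parses saved listdlls.exe output from a clean and an affected system and reports DLLs in explorer.exe that are extra or differ in version. The sample text, its row layout, the example DLL path and the function names are constructed assumptions.

```python
import re

# Constructed sample output, not captured from a real system. Assumed layout:
# a "<name> pid: <n>" header per process, then "Base Size [Version] Path" rows.
CLEAN = r"""
explorer.exe pid: 1480
  Base        Size      Version         Path
  0x01000000  0xff000   6.00.2900.2180  C:\WINDOWS\Explorer.EXE
  0x7c900000  0xb0000   5.01.2600.2180  C:\WINDOWS\system32\ntdll.dll
  0x77f60000  0x76000   6.00.2900.2180  C:\WINDOWS\system32\SHLWAPI.dll
"""
AFFECTED = r"""
explorer.exe pid: 1612
  Base        Size      Version         Path
  0x01000000  0xff000   6.00.2900.2180  C:\WINDOWS\Explorer.EXE
  0x7c900000  0xb0000   5.01.2600.2180  C:\WINDOWS\system32\ntdll.dll
  0x77f60000  0x76000   6.00.2900.2627  C:\WINDOWS\system32\SHLWAPI.dll
  0x10000000  0x1c000   1.00.0000.0001  C:\Program Files\Example Toolbar\exshell.dll
"""

PROC = re.compile(r"^\s*(\S+)\s+pid:\s+\d+")
ROW = re.compile(r"^\s*0x[0-9a-fA-F]+\s+0x[0-9a-fA-F]+\s+(?:(\d+(?:\.\d+)+)\s+)?(\S.*?)\s*$")

def parse_modules(text, process="explorer.exe"):
    """Return {lowercased DLL path: version or None} for one process."""
    modules, current = {}, None
    for line in text.splitlines():
        header = PROC.match(line)
        if header:
            current = header.group(1).lower()
            continue
        row = ROW.match(line)
        if row and current == process:
            version, path = row.groups()
            modules[path.lower()] = version  # base address ignored: it can differ between systems
    return modules

def compare(clean_text, affected_text):
    """Report DLLs only on the affected system and DLLs whose version differs."""
    clean, affected = parse_modules(clean_text), parse_modules(affected_text)
    extra = sorted(p for p in affected if p not in clean)
    changed = sorted((p, clean[p], affected[p])
                     for p in affected if p in clean and clean[p] != affected[p])
    return {"extra": extra, "version_changed": changed}

if __name__ == "__main__":
    result = compare(CLEAN, AFFECTED)
    for path in result["extra"]:
        print("only on affected system:", path)
    for path, old, new in result["version_changed"]:
        print(f"version differs: {path} ({old} -> {new})")
```

Keying on the full path rather than the file name means a DLL with a familiar name loaded from an unexpected directory also shows up as extra.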