Security Incidents mailing list archives

RE: Help, possible rootkit

From: "Bowes, Ronald (EST)" <RBowes () gov mb ca>
Date: Mon, 25 Oct 2004 08:33:14 -0500

I had a very similar problem on Windows XP when I ran out of harddrive
space.  Ensure that you have at least 500mb or more of free space, otherwise
Windows insists on eating itself.


Ron Bowes
Information Protection Centre
Government Of Manitoba

-----Original Message-----
From: BillyBob [mailto:billybobknob () hotmail com] 
Sent: Saturday, October 23, 2004 11:06 AM
To: Incidents
Subject: Help, possible rootkit

I have noticed that my XP system is behaving like I have a rootkit.

- My mouse is jumpy (it freezes for a second when I move it around the
desktop) and the minimized Taskmanager in the systray shows I have around
25 - 30 % usage, but when I open it, there is no process listed using this
much.
- I did a netstat, fport, openports and none of these show that I have any
odd ports open or any connections established.
- even when I disconnect from the Internet these symptoms do not stop.  They
stop if I reboot, but then start again.

I have ran VICE, Klister, PatchFinder and RkDetect from rootkit.com and they
could not find anything.

Any more suggestions ?
Any more rootkit finding tools for Windows ?

Thanks
Bill

Current thread:

Help, possible rootkit BillyBob (Oct 24)
- Re: Help, possible rootkit Glenn Sieb (Oct 24)
- Re: Help, possible rootkit Harlan Carvey (Oct 24)
- Re: Help, possible rootkit Arias Hung (Oct 24)
- Re: Help, possible rootkit Marcus Merrin (Oct 24)
- RE: Help, possible rootkit Benjamin Tomhave (Oct 24)
  - RE: Help, possible rootkit Leif Ericksen (Oct 25)
- <Possible follow-ups>
- Re: Help, possible rootkit Ralph W. Reid (Oct 24)
- RE: Help, possible rootkit Tony Langdon (ATC) (Oct 25)
- RE: Help, possible rootkit k levinson (Oct 25)
- RE: Help, possible rootkit Bowes, Ronald (EST) (Oct 25)