No

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #195,490

2/19/05 2:43:00 AM

It's a tool that runs from something akin to a LiveCD and diffs the output of "dir /s /a" using the dir commands from the LiveCD and from the corrupted system. The files that show up on one list and not the other would be the ones being hidden by the malware. REsults are saved to a floppy or USB drive that is only connected while the LiveCD is "live".

One could probably fashion the same from a Linux LiveCD with read-only NTFS support enabled.

--
Chris Altmann

scumware on Windows will use kernel rootkits - (ben_tilly) - (3) - Feb. 18, 2005, 05:46:04 PM EST

I'll still be on OS/2, laughing up a storm. -NT - (n3jja) - Feb. 18, 2005, 06:24:35 PM EST

Why would MS announce this? - (drewk) - (1) - Feb. 18, 2005, 10:56:06 PM EST

No - (altmann) - Feb. 19, 2005, 02:43:00 AM EST

iwethey.org

Remember... save the wax!
48 ms