SysInternals has an excellent free process viewer called Process Explorer. I just noticed it was updated to v8.x a couple of weeks ago. (You can ignore the error you may get about symbols the first time you run it.) It takes the NT-style process list in WinXP to a new level, showing the actual path to each process and displaying them in a tree layout which shows what started the process. Worms that run as lsass.exe, which look legit in the WinXP process list, can be revealed for the imposters they are once you are able to see that the path to the executable file isn't the same as the legitimate lsass.exe.
Here is the link to Spybot Search & Destroy. Install it, check for and install all updates, then let it scan your system.
Update your anti-virus software!
Quote:
Originally Posted by David Prahl
... Or you can fool your current AV software by changing the system time back a few weeks. ...
That generally doesn't work anymore. Most subscription-based software uses more sophisticated means of tracking subscription status than a simple check of the local system time. Until WinXP came out, I'd routinely run into systems during service calls where the system clock was anywhere from a few minutes to a few weeks off, so having the software rely on the system time is risky. (WinXP automatically resets the system clock once a week or so to closely match an atomic clock so very few WinXP systems have a clock that's incorrect by more than a minute or two.)
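
The path and parent check described above for lsass.exe can also be scripted. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later, and the list of watched process names is an assumption chosen for illustration.

```powershell
# Added example: flag processes that use a Windows system binary's name
# but run from somewhere other than %SystemRoot%\System32, and show
# which process started them.
# Assumption: this watch list is illustrative, not exhaustive.
$watch = 'lsass.exe', 'services.exe', 'winlogon.exe', 'csrss.exe', 'smss.exe'
$sys32 = Join-Path $env:SystemRoot 'System32'

$procs = Get-CimInstance -ClassName Win32_Process

# Index by PID so each hit can be paired with its parent process.
$byPid = @{}
foreach ($p in $procs) { $byPid[[uint32]$p.ProcessId] = $p }

$report = foreach ($p in $procs) {
    if ($watch -notcontains $p.Name) { continue }   # comparison is case-insensitive

    $expected = Join-Path $sys32 $p.Name
    $status = if (-not $p.ExecutablePath) {
        # Protected system processes hide their path from non-elevated callers.
        'PATH UNAVAILABLE (run elevated)'
    } elseif ($p.ExecutablePath -ieq $expected) {
        'ok'
    } else {
        'UNEXPECTED PATH'
    }

    # The recorded parent PID may belong to a process that has since exited.
    $parent = $byPid[[uint32]$p.ParentProcessId]
    [pscustomobject]@{
        Name   = $p.Name
        PID    = $p.ProcessId
        Path   = $p.ExecutablePath
        Parent = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" }
                 else { "exited ($($p.ParentProcessId))" }
        Status = $status
    }
}

$report | Sort-Object Status, Name | Format-Table -AutoSize
```

Run it from an elevated prompt; otherwise the genuine system processes show up as "PATH UNAVAILABLE" rather than "ok". Windows can reuse the PID of a parent that has exited, so treat the Parent column as a lead to confirm in Process Explorer's tree view.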