Threat from the Web is getting nastier each day. Every week, you see hundred of Trojan appear while you are surfing, and I know how much you like to click that seems “interesting” link. I recently came across a method to capture them with ease; any IT profession should be able to rig it up. Here’s how,1. Open a notepad and insert the below code
Dir C:\Windows\System32\*.exe > D:\trap\exelist.txt
Dir C:\Windows\System32\*.dll > D:\trap\dllist.txt
2. Create a folder ‘trap’ in D: and save above file as ‘list.cmd’ in it.
3. Open another notepad. This time insert below code.
Dir C:\Windows\System32\*.exe > D:\trap\exelist_1.txt
Dir C:\Windows\System32\*.dll > D:\trap\dllist_1.txt
Fc exelist.txt exelist_1.txt > exe.txt
Fc dllist.txt dllist_1.txt > dll.txt
4. Save as ’inspect.cmd’ in the same folder.
Run ‘list’ only once, this will capture all exe and dll file name to txt. Run ‘inspect’ after you suspect a Trojan aboard. Open the final exe.txt or dll.txt, you should see newly added exe or dll to your System32 folder. Usually, there should only be new exe or dll in System32 after ‘something’ is installed. There, you got it.
You, realize that this method can be nifty? Use your imagination.
Source: PC Station HK, one of the best IT magazines I ever read.
No comments:
Post a Comment