realtime TRIPWIRE like software required

realtime TRIPWIRE like software required
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 General Computer Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
realtime TRIPWIRE like software required blackboab 10-21-2005
Posted by blackboab on October 21, 2005, 9:48 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi

I recently got a trojan which copied itself to my disk, updated the
registry and
then copied itself into memory.

the anti virus software didnt blink,

there was nothing in the event log,

how come all of this can happen without windows informing me in any way
?

how come windows doesnt inform me if someone starts copying the files
from my disk ?

i want a realtime software (TRIPWIRE is not real time and must be run
at set intervals ) which will inform me when a file is being copied
to/from my system
and do i agree to let it happen.,

it should also prompt me before any changes to the registry are made.

where can i get such software ?



Posted by M Trimble on October 22, 2005, 9:15 am
If you were  Registered and logged in, you could reply and use other advanced thread options
On Fri, 21 Oct 2005 09:48:30 -0700, blackboab wrote:

> Hi
>
> I recently got a trojan which copied itself to my disk, updated the
> registry and
> then copied itself into memory.
>
> the anti virus software didnt blink,
>
> there was nothing in the event log,
>
> how come all of this can happen without windows informing me in any way ?
>
> how come windows doesnt inform me if someone starts copying the files from
> my disk ?
>
> i want a realtime software (TRIPWIRE is not real time and must be run at
> set intervals ) which will inform me when a file is being copied to/from
> my system
> and do i agree to let it happen.,
>
> it should also prompt me before any changes to the registry are made.
>
> where can i get such software ?


Spybot S & D available at http://www.safer-networking.org provides the
registry control.

Copy notifications I tend to doubt could be done.


Posted by Volker Birk on October 23, 2005, 5:29 am
If you were  Registered and logged in, you could reply and use other advanced thread options
> I recently got a trojan which copied itself to my disk, updated the
> registry and
> then copied itself into memory.
> the anti virus software didnt blink,
> there was nothing in the event log,
> how come all of this can happen without windows informing me in any way
> ?

There is no way to guarantee, that every malware is detected.

> i want a realtime software (TRIPWIRE is not real time and must be run
> at set intervals ) which will inform me when a file is being copied
> to/from my system
> and do i agree to let it happen.,
> it should also prompt me before any changes to the registry are made.
> where can i get such software ?

If the malware is already running on your system, it's too late.

Yours,
VB.
--
"Ich bin ein freier Mensch und werde jetzt von meinen Freiheitsrechten
Gebrauch machen - und zwar ausgiebig - natürlich nur in dem Rahmen, den
Otto Schily mir noch zur Verfügung stellt."
Wolfgang Clement am 10.10.05 als Noch-Superminister


Posted by Chris Kronberg on October 23, 2005, 7:58 am
If you were  Registered and logged in, you could reply and use other advanced thread options
> Hi
>
> I recently got a trojan which copied itself to my disk, updated the
> registry and then copied itself into memory.
>
> the anti virus software didnt blink,
>
> there was nothing in the event log,
>
> how come all of this can happen without windows informing me in any way?

That's the way a good trojan is programed.

> how come windows doesnt inform me if someone starts copying the files
> from my disk ?
>
> i want a realtime software (TRIPWIRE is not real time and must be run
> at set intervals ) which will inform me when a file is being copied
> to/from my system
> and do i agree to let it happen.,

Think twice: do you really want to get notified each time you
surf the net and get sites in your browser cache? Don't know
which version of Windows you run but the newer versions have
something called prefetching. Commands you run are copied for
faster access. You will be notified, too.
Each time you write a document a temporary file is created.
You will be notified.
Although you would know very well what your system is trying
to do, the flood of notices would drive me up the wall.

I can understand that you are frustrated. But a better way may
be to close down the possibilities for a trojan to enter your
system.

Cheers,

Chris.



Similar ThreadsPosted
Implementation of wavelet decomposition : help required! November 7, 2004, 6:52 pm
OpenSSL CSR command line help required March 6, 2007, 7:05 am
Pointers required for mysterious Sending Mail message in Ooutlook November 30, 2004, 12:25 pm
Forensics Software Company, Guidance Software, Hacked December 20, 2005, 10:05 pm
VPN Client Software July 6, 2004, 7:48 am
Secure Software May 6, 2005, 8:42 pm
BOT programs and spy software August 13, 2005, 4:38 am
Why do I need a software firewall? September 29, 2005, 4:44 pm
software thuriam August 4, 2006, 10:32 am
Free antivirus software July 14, 2004, 8:10 am

The site map in XML format XML site map

Contact Us | Privacy Policy