Someone (a typical home computer user) has contacted me concerning a problem with their computer. It is possible that it is a spoofing incident, but the circumstances strongly indicate it is some type of Trojan/backdoor.
(I can't/won't be more specific at this time.)
Over the phone I guided them through updating their anti-virus software (found nothing), installing a firewall (Zone-Alarm), and downloading and installing Ad-Aware (found in excess of 450 items, which were removed!), and directed them toward the thread How to Lock Down Your WinXP Box...
which I was told they did. I was also told that they have kept up with Microsoft updates.
I scanned their ports over the net. (They have a cable modem with a router; I found nothing unusual, but I was scanning the router, which I believe is a Linksys.)
The problem still persists.
At this time I am just going to try to identify the problem. I am not foreseeing that I will need forensic evidence for a court, and so I believe I should start by NOT disconnecting from the net to have them bring the machine to me.
Looks like a Road Trip!!
My question is, what tools should I bring with me? So far I have decided on SuperScan 3.0 and Fport, both from http://www.foundstone.com.
Any other suggestions??
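The core of what Fport does on site is map every listening port to the process that owns it, so an unexpected listener can be tied to a binary on disk. The following is an added example, not code from the original post or from Foundstone: it parses the output of `netstat -ano` and `tasklist` (in the column layout Windows XP prints; the sample text below is constructed, including the process name `svc32.exe`) and reports listeners that are not in an assumed baseline of stock XP ports. The baseline set is an assumption to adjust per machine, not a definitive list.

```python
"""Join Windows `netstat -ano` and `tasklist` output to map listening
sockets to their owning process, roughly what Fport reports.
All sample output below is constructed for this example."""
import re

# Constructed sample of `netstat -ano` output in the Windows XP layout.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1028
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       1784
  TCP    192.168.1.5:1040       64.233.160.99:80       ESTABLISHED     2208
  UDP    0.0.0.0:445            *:*                                    4
  UDP    0.0.0.0:12345          *:*                                    1784
"""

# Constructed sample of `tasklist` output; svc32.exe is a made-up name.
TASKLIST_SAMPLE = """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Console                    0         28 K
System                           4 Console                    0        236 K
svchost.exe                   1028 Console                    0      4,632 K
iexplore.exe                  2208 Console                    0     18,204 K
svc32.exe                     1784 Console                    0      2,100 K
"""

# Assumed baseline of ports a stock XP box commonly listens on.
# Tune this per machine; it is a starting point, not an authority.
BASELINE_PORTS = {("TCP", 135), ("TCP", 139), ("TCP", 445), ("UDP", 137),
                  ("UDP", 138), ("UDP", 445), ("UDP", 123), ("UDP", 1900)}

# proto, local addr, port, foreign addr, optional state (absent for UDP), pid
NETSTAT_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\w+)\s+)?(\d+)\s*$")
# image name (may contain spaces), pid, session name, session#, mem usage
TASKLIST_RE = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")


def parse_netstat(text):
    """Return one dict per socket line; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:
            continue
        proto, local, port, foreign, state, pid = m.groups()
        rows.append({"proto": proto, "local": local, "port": int(port),
                     "foreign": foreign, "state": state or "", "pid": int(pid)})
    return rows


def parse_tasklist(text):
    """Return {pid: image name} from tasklist output."""
    procs = {}
    for line in text.splitlines():
        m = TASKLIST_RE.match(line)
        if m:
            procs[int(m.group(2))] = m.group(1).strip()
    return procs


def listening_sockets(netstat_text, tasklist_text):
    """Listening TCP sockets plus every UDP socket, as
    (proto, port, pid, image) tuples; image is '?' if the PID is unknown."""
    procs = parse_tasklist(tasklist_text)
    out = []
    for r in parse_netstat(netstat_text):
        if r["proto"] == "TCP" and r["state"] != "LISTENING":
            continue
        out.append((r["proto"], r["port"], r["pid"], procs.get(r["pid"], "?")))
    return sorted(out)


def suspicious(netstat_text, tasklist_text, baseline=BASELINE_PORTS):
    """Listeners not in the baseline: the ones to examine first on site."""
    return [s for s in listening_sockets(netstat_text, tasklist_text)
            if (s[0], s[1]) not in baseline]


if __name__ == "__main__":
    for proto, port, pid, image in suspicious(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{proto:3} {port:5} pid={pid:<5} {image}")
```

On the real machine, capture the two outputs with `netstat -ano > ns.txt` and `tasklist > tl.txt` and feed the file contents to `suspicious()`. A PID that appears in netstat but not in tasklist (reported as `?`) is itself worth a look, since it means the process list and the socket table disagree.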