Results 1 to 2 of 2

Thread: Identifying IRC BOT

  1. December 3rd, 2003, 11:20 PM #1
    w0rm3y
    w0rm3y is offline
    Senior Member
    Join Date
    May 2003
    Posts
    115

    Identifying IRC BOT

    If the machine was found with IRC bot, how can I check the integrity of the machine to make sure that further compromised was not done? I have checked the logs and other events, but stuck now. Also besides DCC transfer, what are other ways that IRC bot can be dropped to the target?

    TIA
    Reply With Quote Reply With Quote
  2. December 3rd, 2003, 11:31 PM #2
    groovicus
    groovicus is offline
    Senior Member
    Join Date
    Aug 2003
    Posts
    1,018
    If you didn't have an md5 checksum of all files before, you probably can't do much. There is a standard database of md5 hashes, but I can't remember where the blazes they were.

    Standard wisdom (if you can call it that) is there is virtually no way you can guarantee that you found everything. Best suggestion is complete rofrmat.

    There are programs such as Tripwire that can do integrity checks for you (you have to do a little searching for the free versions) But they are only going to help you if you are prepared ahead of time.

    As far as methods of infection, I'll have to defer to someone with more knowledge than I have.
    HijackThis Team
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules