Agreed, in fact, there was an absurdly long thread not to long ago disputing the difference between a RAT's and a TROJANs. Lots of different opinions and definitions.The industry lacks a good framework for naming and classifying these things. This of course causes a lot of issues amongst the nerd community.
When Kurokage mentioned there might be a trojan on the system and that he/she could handle/get rid of it, thoughts of classic trojans like netbus, sub7, B.O. came to mind. Considering Kurokage has stated (in his/her profile) that he/she isn't very computer literate, I don't surmise that he/she would know how to get rid of a rootkit if indeed one was on the system.
TH - you mentioned you *never* trust tools on the suspected host... and I understand that if a rootkit was installed that it can intercept system calls and other processes so the application or tool running may return false results. What are your opinions of programs like Sysinternal's RootkitRevealer and F-Secures Blacklight? Or should that question be saved for a seperate thread?
Reply With Quote