This is Rmdarcher's TypePad Profile.
Rmdarcher
Recent Activity
One way to detect such modifications of processes as demonstrated is to run the System File Checker (sfc.exe).
Since we're talking about the modification of processes, the most reliable way would be to perform this from the Windows Recovery Console/System Recovery Options on the installation media.
Manipulating Windows File Protection and Indicators of Compromise
In my previous blog post I wrote about how when searching for malicious processes, it helps to know about Windows File Protection and how it works. Harlan Carvey commented about how he didn't see the connection between my mentioning WFP and hunting for malware. So, in this blog post, I thought...
Dec 6, 2011