

IFAS Incident Response Toolkit:



The following are tools that will aid in your fight against malware. Some of the tools are very simple to use and have one specific purpose while others do multiple tasks and can be quite complex.

  • Helix - Bootable CD
    "Helix focuses on Incident Response & Forensics tools. It is meant to be used by individuals who have a sound understanding of Incident Response and Forensic techniques."
     
    Details of new version coming soon--after John returns from Hawaii.
     
  • DelLater - CLI
    DelLater will let you delete a file when Windows restarts. The typical scenario is a virus or virus-related file that is in use and so cannot be renamed or deleted. Using the example below, the file is deleted early in the Windows startup sequence after the reboot, before anything can open it and make it "in use" again.
     
    Example: dellater c:\windows\system32\wumct.exe
     
  • OpenPorts - CLI
    OpenPorts (similar to fport) lists all open TCP and UDP ports along with the processes that control those ports. Its most useful feature is reporting the path of each process, which helps in tracking down malicious software.
     
    Example: openports -path
     
  • LSP-Fix
    Helps repair the Winsock2 Layered Service Provider (LSP) chain when malware (spyware/adware) hoses it up, preventing applications from getting Internet access.
     
    Example:
    1. Run LSPFix.
    2. Check 'I know what I'm doing'.
    3. Select 'osmim.dll'.
    4. Click the right-pointing arrow (moves it to the "remove" page).
    5. Click 'Finished'.
    6. Use DelLater against "c:\windows\system32\osmim.dll"
    7. Reboot and all is happy.
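
The two checks below are an added example, not part of the original toolkit page and not code from the OpenPorts or DelLater authors. They reproduce, with built-in Windows PowerShell cmdlets, what the page uses those two tools for: listing listening TCP/UDP ports with the owning process and its image path (the "openports -path" case), and reading back what is queued for deletion at the next reboot (to confirm a DelLater request such as the osmim.dll step above). Assumptions: Get-NetTCPConnection and Get-NetUDPEndpoint exist (Windows 8 / Server 2012 or later); the prompt is elevated so process paths resolve for services; and DelLater uses the standard delay-until-reboot mechanism (MoveFileEx with MOVEFILE_DELAY_UNTIL_REBOOT, which Windows records in the PendingFileRenameOperations registry value). That last point is an assumption about DelLater, which the page does not describe.

```powershell
# Added example (not from the IFAS page, OpenPorts or DelLater). Built-in cmdlets only.

function Get-ListeningPortsWithPath {
    # Equivalent of "openports -path": every listening TCP socket and bound UDP
    # endpoint, joined to the owning process and its image path.
    $tcp = Get-NetTCPConnection -State Listen | ForEach-Object {
        [pscustomobject]@{ Proto = 'TCP'; LocalAddress = $_.LocalAddress
                           LocalPort = $_.LocalPort; ProcessId = $_.OwningProcess }
    }
    $udp = Get-NetUDPEndpoint | ForEach-Object {
        [pscustomobject]@{ Proto = 'UDP'; LocalAddress = $_.LocalAddress
                           LocalPort = $_.LocalPort; ProcessId = $_.OwningProcess }
    }
    foreach ($ep in @($tcp) + @($udp)) {
        $proc = Get-Process -Id $ep.ProcessId -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Proto        = $ep.Proto
            LocalAddress = $ep.LocalAddress
            LocalPort    = $ep.LocalPort
            ProcessId    = $ep.ProcessId
            Process      = if ($proc) { $proc.ProcessName } else { '<exited>' }
            # Path stays $null for protected/system processes unless running elevated.
            Path         = if ($proc) { $proc.Path } else { $null }
        }
    }
}

function Get-PendingFileOperations {
    # Windows stores "rename/delete at next boot" requests made via
    # MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT) in this REG_MULTI_SZ value as
    # source/destination pairs; an empty destination means "delete".
    # ASSUMPTION: DelLater uses that standard mechanism (the page does not say).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $ops = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations `
                -ErrorAction SilentlyContinue).PendingFileRenameOperations
    if (-not $ops) { return @() }
    for ($i = 0; $i -lt $ops.Count; $i += 2) {
        $src = $ops[$i] -replace '^\\\?\?\\', ''                 # strip the \??\ NT-path prefix
        $dst = if ($i + 1 -lt $ops.Count) { $ops[$i + 1] } else { '' }
        [pscustomobject]@{
            Action      = if ([string]::IsNullOrEmpty($dst)) { 'Delete' } else { 'Rename' }
            Source      = $src
            Destination = $dst -replace '^!?\\\?\?\\', ''       # "!" prefix = replace existing
        }
    }
}

# Usage: run the first before/after cleanup, and the second after "dellater ..."
# but before rebooting, to see exactly which files are queued for removal.
Get-ListeningPortsWithPath | Sort-Object Proto, LocalPort | Format-Table -AutoSize
Get-PendingFileOperations  | Format-Table -AutoSize
```

Anything in the pending-operations list that you did not queue yourself deserves a look before the reboot, since the same mechanism is available to any process running with sufficient rights; an unexpected entry is a finding in its own right, not just noise.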

last edited 9 March 2005 for John Sawyer by Steve Lasley