IT/SA Services Documentation: Security Tools
The following are tools that will aid in your fight against malware. Some of the tools are very simple to use
and have one specific purpose while others do multiple tasks and can be quite complex.
- Helix - Bootable CD
"Helix focuses on Incident Response & Forensics tools. It is meant to be used by individuals who have a sound understanding of Incident Response and Forensic techniques."
Details of new version coming soon--after John returns from Hawaii.
- DelLater - CLI
DelLater will let you delete a file when Windows restarts. The typical scenario is a
virus or virus-related files that are in use and so cannot be renamed or deleted. Using the example
below, the file is deleted during the Windows startup sequence after the machine is rebooted,
before the file can become "in use" again.
Example: dellater c:\windows\system32\wumct.exe
- OpenPorts - CLI
OpenPorts (similar to fport) lists all open TCP and UDP ports along with the processes that control those
ports. Its most useful function is reporting the path of each process, which helps in tracking down
malicious software.
Example: openports -path
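As an added example that is not part of the original page or the OpenPorts tool, the following PowerShell does the equivalent of `openports -path` on a current Windows host; it assumes the NetTCPIP cmdlets (Get-NetTCPConnection, Get-NetUDPEndpoint) are available and the trusted-directory list is a constructed heuristic.

```powershell
# Added example, not part of the original page or the OpenPorts tool.
# Lists listening TCP ports and bound UDP ports with the owning process and
# its image path, so an unexpected listener can be traced to a binary on disk.
# Assumes the NetTCPIP module (Windows 8 / Server 2012 and later).

function Get-ListeningEndpoint {
    $tcp = Get-NetTCPConnection -State Listen |
        Select-Object @{n='Proto'; e={'TCP'}}, LocalAddress, LocalPort, OwningProcess
    $udp = Get-NetUDPEndpoint |
        Select-Object @{n='Proto'; e={'UDP'}}, LocalAddress, LocalPort, OwningProcess

    # Constructed heuristic: directories where listening processes normally live.
    $trusted = @("$env:SystemRoot\*", "$env:ProgramFiles\*", "${env:ProgramFiles(x86)}\*")

    foreach ($ep in @($tcp) + @($udp)) {
        $proc = Get-Process -Id $ep.OwningProcess -ErrorAction SilentlyContinue
        # Path is $null for PID 0/4 (Idle/System) and for processes this session
        # lacks rights to inspect; run elevated to resolve service paths.
        $path = if ($proc) { $proc.Path } else { $null }
        $name = if ($proc) { $proc.ProcessName } else { '<unknown>' }
        $inTrusted = $false
        foreach ($pattern in $trusted) {
            if ($path -and $path -like $pattern) { $inTrusted = $true }
        }

        [pscustomobject]@{
            Proto   = $ep.Proto
            Local   = "$($ep.LocalAddress):$($ep.LocalPort)"
            PID     = $ep.OwningProcess
            Process = $name
            Path    = $path
            # Heuristic only: an image outside the trusted directories (or with no
            # resolvable path) deserves a closer look, not automatic deletion.
            Review  = -not $inTrusted
        }
    }
}

Get-ListeningEndpoint |
    Sort-Object -Property @{Expression='Review'; Descending=$true}, Proto, LocalPort |
    Format-Table -AutoSize
```

Entries flagged for review are the ones to check against known software before reaching for DelLater.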
- LSP-Fix
Helps repair Winsock2 when malware (spyware/adware) hoses it up, preventing applications from having Internet access.
Example:
- Run LSPFix.
- Check 'I know what I'm doing'.
- Select 'osmim.dll'.
- Click the right-pointing arrow (moves it to the "remove" page).
- Click 'Finished'.
- Use DelLater against "c:\windows\system32\osmim.dll".
- Reboot and all is happy.