[Tfug] Security-related question
    earljviolet at deserthowler.com 
    Tue Feb 22 09:15:14 MST 2011
    
    
  
Jim,
Can you drop back to the uninfected version of XP and see what happens there?
Earl
On Tue, February 22, 2011 8:22 am, Jim March wrote:
> Folks,
>
> I'm trying to figure out what a particular Windows piece of malware does.
>
> To that end I built a brand new WinXP virtual machine via VirtualBox (Linux
> host of course) and then infected the virtual machine :).
>
> In Ubuntu (Gnome) I usually run the System Monitor toolbar widget set to
> display CPU, memory and network traffic.  In the latter I can see network
> traffic happening that I can't explain as being Linux-related, so it has to
> be the virtual machine (which has Internet connectivity via a NAT router off
> of the Linux host...in other words, guest OS traffic will be visible in the
> host Linux system).
>
> I need to know first how I can prove that it's the Windows XP guest OS
> that's doing the traffic, or which other processes are doing which traffic,
> and then if possible log ALL of that traffic (preferably using Linux tools)
> for a brief time period to a file for analysis.
>
> Any help appreciated :).
>
> Jim March
-- 
If you play a Windows install CD backwards it has satanic verses.
Save the Earth... it's the only planet with chocolate!!!!