Re: match up threads and modules
From: Alexander Grigoriev (alegr_at_earthlink.net)
Date: 01/08/05
- Next message: Arkady Frenkel: "Re: Big Endian Byte Ordering"
- Previous message: Alexander Grigoriev: "Re: Currently executing DLL path"
- In reply to: grunin_at_hotmail.com: "Re: match up threads and modules"
- Next in thread: grunin_at_hotmail.com: "Re: match up threads and modules"
- Reply: grunin_at_hotmail.com: "Re: match up threads and modules"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 7 Jan 2005 20:41:21 -0800
Open Task Manager, kill all explorer.exe. Your desktop shell will be gone,
along with the offensive DLL. You can then open CMD.exe (Task
Manager->File->Run) and delete the file.
<grunin@hotmail.com> wrote in message
news:1105088345.537493.212600@z14g2000cwz.googlegroups.com...
>
> Phil Taylor wrote:
>> > does
>> > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/perfmon/base/thread_walking.asp
>> > help?
>>
>> that gets you a process-id per thread, from there you should be able
>> to get it.
>
> No, I'm afraid that's not it: the process and process-id are already
> known, but I don't want to kill the process. I just want to kill the
> one thread that has been launched by the malware injected into the
> process.
>
> The problem remains determining which of the many threads (all owned by
> the process) is the right one to kill.
>
> Regards,
> Eric Grunin
>