Security Basics
My guess would be hardware too; try and remove individual components to see if it still does it... a bit time-consuming at an hour's wait though!
Karl Lankford, MCSE
Systems Administrator
Kaspersky Lab UK
You could print this email... but it does take a long time to grow trees.
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of kawasaki.lector
Sent: 02 July 2008 21:51
To: 'Rivest, Philippe'; 'Scott Race'; infolookup (at) gmail (dot) com [email concealed]; GremaGehan (at) web (dot) de [email concealed]; listbounce (at) securityfocus (dot) com [email concealed]; security-basics (at) securityfocus (dot) com [email concealed]
Subject: RE: Crash Monitor -- rootkit discussion
"Win 2000" suggests this is an older computer, then I read "ca. 1 hour after login hanging this PC up"....
My first suspicions tend toward a hardware problem....
You sure the years' layers of dust (viz., "dust bunnies") aren't just causing the motherboard/CPU to overheat?... Formatting the hard drive wouldn't help that....
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Rivest, Philippe
Sent: Wednesday, July 2, 2008 16:10
To: Scott Race; infolookup (at) gmail (dot) com [email concealed]; GremaGehan (at) web (dot) de [email concealed];
listbounce (at) securityfocus (dot) com [email concealed]; security-basics (at) securityfocus (dot) com [email concealed]
Subject: RE: Crash Monitor -- rootkit discussion
First off, the first poster seemed to be able to format. In case he can't, he would still have to get someone who can (which is a lot easier than someone who can investigate and remove rootkits).
All I wanted to say (I knew I would get hit by this) is that if you are investigating for the possibility of a rootkit, you must have some serious doubt about the security of your PC. At that point it would be faster and safer to format it and reinstall.
Yes, backups can screw up, you can not do them or forget. But again... this would be the issue if you find the rootkit and can't remove it. Save your files to the D drive, format the C, do an external backup.
As for the house & termites, your example is flawed, as you can be sure that there are no termites left. You can't really be sure for rootkits.
Merci / Thanks
Philippe Rivest, CEH
Internal Information Security Auditor
Email: Privest (at) transforce (dot) ca [email concealed]
Telephone: (514) 331-4417
www.transforce.ca
-----Original Message-----
From: Scott Race [mailto:srace (at) jdaarch (dot) com [email concealed]]
Sent: July 2, 2008 15:56
To: Rivest, Philippe; infolookup (at) gmail (dot) com [email concealed]; GremaGehan (at) web (dot) de [email concealed]; listbounce (at) securityfocus (dot) com [email concealed]; security-basics (at) securityfocus (dot) com [email concealed]
Subject: RE: Crash Monitor
Philippe, your proposed solution is like demolishing your house and rebuilding because you think you "might" have termites.
I beg to differ that home PC data is less important than corporate data. Home PC data is very important to that home user. If you assume "expertise is lacking", then a format/reinstall could easily result in data loss (family pictures, financial info, etc).
Bottom line is that if expertise is lacking, the user should find someone who knows what they're doing and check out how severe it is.
And what if there is no rootkit? You can at least get an idea of the risk factor by using the various tools of the trade (search and destroy products, netstat for listening ports, software firewall to check for incoming/outgoing connections, task mgr for running processes, etc).
To me, format and reinstall would be a better solution for a corporate PC, as generally data is stored on file servers and not on the local machine, thus there is little risk of a format losing sensitive data (of course this varies from network to network). Home PCs generally have lots of data on them, and are generally not backed up.
Case in point, my father-in-law just called Dell with a problem (he's an older guy), and Dell ended up having him format the drive. He had burned his data to a CD a few days before, but guess what, the CD didn't burn correctly (and he's a home user, he didn't test it). DATA LOSS. Sucks for him, all his Quicken data and family pics are gone.
Format should be a last resort. Yes, it works, but there are other things to try first to get an idea of what solution is necessary.
Scott
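One concrete form of the "netstat for listening ports" first-pass check Scott describes, as an added example that is not from the thread: it parses constructed Windows `netstat -an` output and flags listening sockets that an assumed known-good baseline does not explain.

```python
"""Triage helper: parse Windows `netstat -an` output and flag listening sockets
a known-good baseline does not explain.  Added example, not from the thread."""
import re
from collections import namedtuple

# Constructed sample of `netstat -an` output as it looks on Windows 2000/XP
# (not captured from any real machine).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1031      203.0.113.5:443        ESTABLISHED
  UDP    0.0.0.0:500            *:*
"""

# Assumed baseline of (proto, port) pairs a stock workstation listens on;
# in practice, record this from a machine you trust.
EXPECTED_LISTENERS = {("TCP", 135), ("TCP", 139), ("TCP", 445),
                      ("UDP", 137), ("UDP", 138), ("UDP", 445), ("UDP", 500)}

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")
Socket = namedtuple("Socket", "proto local_addr port state")

def parse_netstat(text):
    """Return Socket records; banner, column header and blank lines are skipped."""
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, addr, port, _foreign, state = m.groups()
        sockets.append(Socket(proto, addr, int(port), state or ""))
    return sockets

def unexpected_listeners(sockets, baseline=EXPECTED_LISTENERS):
    """Listening sockets (TCP LISTENING, or any UDP bind) on a non-loopback
    address whose (proto, port) is absent from the baseline."""
    flagged = []
    for s in sockets:
        listening = s.state == "LISTENING" or s.proto == "UDP"
        exposed = not s.local_addr.startswith("127.")
        if listening and exposed and (s.proto, s.port) not in baseline:
            flagged.append(s)
    return flagged
```

Feed it the saved output of `netstat -an`; anything it flags should be tied to a known process and purpose before choosing between cleanup and reinstall.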
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Rivest, Philippe
Sent: Wednesday, July 02, 2008 12:22 PM
To: infolookup (at) gmail (dot) com [email concealed]; GremaGehan (at) web (dot) de [email concealed]; listbounce (at) securityfocus (dot) com [email concealed];
security-basics (at) securityfocus (dot) com [email concealed]
Subject: RE: Crash Monitor
To add to the previous post.
If you are going to look for rootkits I would suggest formatting and re-installing. If you suspect you have a rootkit on your PC there's no need to identify it or KNOW you have one. Just do a full format & reinstall.
If you have a rootkit, there's no complete way to remove it. I mean to know 100% that everything critical is removed. The time you are going to spend investigating this, cleaning it and worrying about the after-effects would be better spent reinstalling.
For all those who are going to hit me with "you should know if there's a rootkit", this is a stand-alone PC, not corporate, and the expertise and time may be lacking. Also the level of sensitivity of the PC is probably very low.
Format and move on.
Merci / Thanks
Philippe Rivest, CEH
Internal Information Security Auditor
Email: Privest (at) transforce (dot) ca [email concealed]
Telephone: (514) 331-4417
www.transforce.ca
-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of infolookup (at) gmail (dot) com [email concealed]
Sent: July 2, 2008 15:13
To: GremaGehan (at) web (dot) de [email concealed]; listbounce (at) securityfocus (dot) com [email concealed]; security-basics (at) securityfocus (dot) com [email concealed]
Subject: Re: Crash Monitor
Virus protection up to date? Any P2P software like LimeWire that could bring in tons of problems? Did you recently add any new software or hardware? Also go to the Microsoft site and download a rootkit program and scan your PC.
------Original Message------
From: GremaGehan (at) web (dot) de [email concealed]
Sender: listbounce (at) securityfocus (dot) com [email concealed]
To: security-basics (at) securityfocus (dot) com [email concealed]
Sent: Jul 2, 2008 2:20 PM
Subject: Crash Monitor
Hello list,
my wife is using Win 2000 + MS Office to write her thesis. Of course there are also such important tools as Skype, ICQ ...... etc. (you know ...). Right now this PC is crashing daily. I don't know why. Is it possible to detect the crashing application? Do you know some tool (something like DrWatson)? The PC is patched, Event Viewer shows nothing.
The most probable case is: ca. 1 hour after login this PC hangs up, independently of running applications. After restart it works normally.
Thank you in advance
Martin