Checking for Worms by jnicks
Posted: 26 Aug 02 (Edited 6 Apr 03)

There is a very nicely done freeware package aimed at tech support, StartLog, which analyzes the Registry, INI files and the other things Windows does on startup for worm droppings.

It checks out cleanly with adaware and F-Prot, but check it yourself, of course.

StartLog

  http://home.earthlink.net/~rmbox/Reticulated/Toys.html

Look on the right for the program names.

Win 98/95 compatible.  Probably ME I would guess.

How good is it?  I have not done the statistics but it looks like it would get changes from any of the top worms including Magistr, SubSeven, Klez, Nimda, maybe 80 to 90% of the common infections by worms.

The main thing is that it is fast enough to be run at boot, about 6 seconds, and it is cost efficient.  As it looks for traces by principle, not by pattern matching, it does not need the almost daily updates of A-V scans.


As I said, the program is intended for Tech Support to have a user run and then send the files, so it drops results on the desktop, which makes it easy for an end user to find them.

I, Jay, did such a wrapper that spawns ScanLog and collects its results in order to compare them against a previous run.

This allows us to decide whether an incursion is likely.  If not, the wrapper goes away.

If there is a change in the various things Windows uses to start, the user is alerted (or the Logon to NT may be aborted).



          +----------------------+
          |                      |
          | Call Tech Support    |
          |                      |
          | Something is wrong.  |
          |                      |
          +----------------------+


In short, it makes StartLog into an efficient, effective, small IDS tool.

   StartChk

http://www.roninsoftwaregroup.com/startchk.htm

StartLog is Freeware.

StartChk is also Freeware and the zip includes source and a Bat procedure that will strip the results from the desktop when the test is complete.

Together they allow you to make a check that should be done periodically on your own system, or for users once in a while, like daily, as they logon.
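The compare-against-a-previous-run idea described above, as an added Python example that is not StartChk's own source. The snapshot format, the sample entries and the function names are assumptions made for illustration; StartLog's real output format is not shown on this page.

```python
# Constructed snapshots (not StartLog's real output): [location] headers, name=value lines.
BASELINE = r"""[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
SystemTray=SysTray.Exe
ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
[win.ini:windows]
load=
run=
[system.ini:boot]
shell=Explorer.exe
"""
# Later run: one new Run value and an altered shell= line (both constructed).
CURRENT = r"""[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
SystemTray=SysTray.Exe
ScanRegistry=C:\WINDOWS\scanregw.exe /autorun
Updater=C:\WINDOWS\SYSTEM\updsvc.exe
[win.ini:windows]
load=
run=
[system.ini:boot]
shell=Explorer.exe helper.exe
"""

def parse_snapshot(text):
    """Map (location, name) -> value; lower-cased, as Windows names and paths ignore case."""
    entries, location = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            location = line[1:-1].lower()
        elif "=" in line and location is not None:
            name, _, value = line.partition("=")
            entries[(location, name.strip().lower())] = value.strip().lower()
    return entries

def compare(baseline, current):
    """Return (kind, location, name, before, after) for every startup entry that differs."""
    old, new = parse_snapshot(baseline), parse_snapshot(current)
    findings = []
    for key in sorted(old.keys() | new.keys()):
        before, after = old.get(key), new.get(key)
        if before != after:
            kind = "added" if before is None else "removed" if after is None else "changed"
            findings.append((kind, *key, before, after))
    return findings

def verdict(findings):
    """An unchanged system stays silent; any difference raises the alert."""
    return "Call Tech Support. Something is wrong." if findings else None

if __name__ == "__main__":
    found = compare(BASELINE, CURRENT)
    print(*found, verdict(found), sep="\n")
```

A baseline diff like this flags legitimate software installs too, so the stored baseline has to be refreshed after every approved change.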




