Ping a Specific Port

Question

martyvis

Asked: 2010-05-13 18:49:25 +0800 CST2010-05-13 18:49:25 +0800 CST 2010-05-13 18:49:25 +0800 CST

md5sum or sha1sum of legitmate microsoft system files

772

Is there a database or repository of the legitimate checksums for Microsoft system files? We think we have a 0day on DNS for Windows 2003 SP2 using IRC for command and control. (Latest McAfee does not see an issue). I want to compare our customer's dns.exe and associated DLLs with the real ones. (I will grab a fresh SP2 and hotfixed system to do this, but wonder how to do this in future without needed to do this.)

2 Answers

Voted

Nic · Answer 1 · 2010-05-13T19:00:14+08:00

Best Answer

Nic

2010-05-13T19:00:14+08:002010-05-13T19:00:14+08:00

Have you tried the System File Checker? It is designed to scan Windows sytem files and replace the "bad" ones. It's pretty easy to run from the command-line:

sfc /scannow

1

Jim B · Answer 2 · 2010-05-13T20:06:45+08:00

Jim B

2010-05-13T20:06:45+08:002010-05-13T20:06:45+08:00

You need to verify that Windows file protection was on and run the system file checker (SFC) see this KB article for the registry entries to check and SFC/WFP options. Newer versions of windows verify that the exe/DLL for OS files is signed by microsoft before loading.

0

md5sum or sha1sum of legitmate microsoft system files

Ping a Specific Port

How do I tell Git for Windows where to find my private RSA key?

How do you restart php-fpm?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?