Checking a System with System File Verification
Windows 2003 includes a feature called Windows File Protection (WFP) that prevents the replacement of protected files. WFP checks the file integrity when an attempt is made to overwrite a SYS, DLL, OCX, TTF, or EXE file. This ensures that only Microsoft-verified files are used to replace system files.
Another tool, sigverif, checks to see what files Microsoft has digitally signed on a system., we will use this tool.
System File Checker is another command line–based tool used to check whether a Trojan program has replaced files. If System File Checker detects that a file has been overwritten, it retrieves a known good file from the Windows\system32\dllcache folder and overwrites the unverified file. The command to run the System File Checker is sfc/scannow.
'Hacking' 카테고리의 다른 글
| Directory Traversal Vulnerability (0) | 2011.10.29 |
|---|---|
| WOT vs SiteAdvisor vs SafeWeb – PrizeFly (0) | 2011.10.19 |
| Trojan (0) | 2011.09.13 |
| Covering Your Tracks and Erasing Evidence (0) | 2011.09.13 |
| Steganography Technologies (0) | 2011.09.13 |
