Depending on your experience with MS-DOS and Windows 98, you can use the following: First, try the Microsoft Article Q184075 that explains how to use the Win98se tool Microsoft System Information tool. Second, try this Microsoft Article Q181966 that explains the use of the Microsoft Config program. Third, if you feel you need greater detail, try the DLL tree walker. Remember, DLL's in the Microsoft world are library files (a.k.a. compiled code), thus walking the DLLs may also provide some assistance. Use of these should provide some assistance in your quest. If these fail or you do not have access to the resources I mentioned, try the old standby "MEM" command with the "/C" for Classify and "/D" for debug information contained in memory. This last option is limited, for it will only show memory use up to the first megabyte(old EMS, now XMS RAM). Examples from the command prompt: mem /c /d
mem /c Although MEM is not the greatest tool, it will sometimes provide assistance. With a combination of the Microsoft solutions, DLL tree walker and the "MEM" command from the command prompt, you should be able to determine most applications located in system memory (RAM). Finally, after verifying the applications loaded in memory try these checks: 1. Check all active connections using the "nbtstat -c" and "netstat -a" commands from the DOS command prompt. 2. Check all systems logs if they are enabled. 3. Check the "startup folders" folders, C:config.sys and c:autoexec.bat for any strange applications. 4. Check for hidden files using the "dir /ah" command at the DOS command prompt. 5. Last, compare the original OS files to the install media (if possible). Checking active system memory with the Microsoft tools and use of the privious checklist should provide good starting points to determine if your system has been compromised by a Trojan or other malicious attack.
Dig deeper on Security Resources
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.