Because of the level of integration a rootkit requires with the operating system, even removing a
rootkit is going to cause problems because now your system is compromised at a low level. This book
doesn't provide you with enough information to rid your system of a rootkit, but the Tree utility
can help you detect one when used correctly. Obviously, third-party utilities specifically
designed for the task will locate a rootkit faster. If you suspect your system has a rootkit installed,
you'll want to spend time viewing online resources such as the Rootkit Web site at
http://www.rootkit.com/. You can learn more about rootkits at
http://en.wikipedia.org/wiki/Rootkit.
Managing the Volume Shadow Service with the VSSAdmin Utility
The VSSAdmin utility lets you view the status of the VSS, which is a method of providing a backup
copy of Windows. (Learn more about how VSS works on the Microsoft Web site at
http://www.microsoft.com/windowsserversystem/wss2003/techinfo/plandeploy/stormgtusingvdsvss.mspx.)
This utility uses the following syntax:
VSSAdmin list shadows [/set={shadow copy set guid}]
VSSAdmin list writers
VSSAdmin list providers
VSSAdmin list volumes
VSSAdmin resize shadowstorage /For=ForVolumeSpec /On=OnVolumeSpec [/MaxSize=MaxSizeSpec]
The following list describes each of the command line arguments.