At 01:59 PM 2/2/96 -0500, you wrote:

...

Are there others applications like MEM that are not as universal? (here, I guess that such stealth behaviour have to rely on identifying the program being loaded, thus, a less common program has less chance of being fooled)

Mem /C doesn't do squat under 95... don't know about 3.11.... since each DOS box runs in its own space, MEM /C cannot see what processes are running in Windoze.

There are a number of process viewing applications available for Win95/NT. I use two of them: one is called pstat.exe and the other is ps.exe. Both of them show most of the visible processes running. ps does not show running services, but pstat does. Both of them are available at ftp://csa.gt.ed.net Jeremy --- Jeremy Mineweaser | GCS/E d->-- s:- a--- C++(+++)$ ULC++(++++)>$ P+>++$ j.mineweaser@ieee.org | L+>++ E-(---) W++ N+ !o-- K+>++ w+(++++) O- M-- | V-(--) PS+(--) PE++ Y++>$ PGP++>+++$ t+() 5 X+ R+() *ai*vr*vx*crypto* | tv(+) b++>+++ DI+(++) D+ G++ e>+++ h-() r-@ !y-