Monday, April 25, 2005 8:34 AM
brianwilson
Methods to detect Trojan viruses on your machine
I found some cool utilities over the weekend to determine whether your machine has been compromised by a hacker.
System Information Utility (msinfo32.exe)
First things first, Task Manager does not give you the whole picture. It lists processes, but not the full path of the executable behind each one, and not which services are running inside a shared host process, so a trojan with an innocent-looking name slips past a quick glance. Use the System Information utility (Start > Run > msinfo32) when hunting for trojans: under Software Environment, look down the Running Tasks and Services listings for anything you don't recognise, and check the full path and filename of each entry, not just the name.
NetStat
All trojans need to communicate. If they can't phone home or accept commands they are useless for their intended purpose. This is the second major weakness of most trojan horses: their communication leaves a trail you can follow.
The netstat command lists the open connections to and from your PC. To use it, open a Command Prompt and enter netstat -an. The -a switch lists every connection and listening port, and -n prints addresses and ports as numbers instead of resolving names, so the output is fast and nothing is hidden behind a friendly hostname. Each line shows the local address and the IP address and port of the machine at the other end. On Windows XP and later, netstat -ano adds the PID of the owning process, which you can look up with the tasklist command. If you see a connection you don't recognise, investigate it further and track down the process that's using it. For this you need the third tool in the armoury, TCPView.
TCPView
TCPView is a free utility by Sysinternals (http://www.sysinternals.com) which not only lists the IP addresses communicating with your computer, it tells you which program owns each connection and updates the list as connections open and close. Armed with this information you can locate whatever program is sending data out of your machine and deal with it. I recommend noting the full path, renaming the offending file and then rebooting - that way if you make a mistake you can put it right easily. If Windows refuses the rename because the file is in use, end the process first (TCPView and Task Manager can both do this) and try again.
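The netstat and TCPView steps above boil down to one join: each open connection, matched to the process that owns it, then filtered down to the ones that leave your network from a program you don't expect. The script below does that join over captured command output, so you can run it on a machine where you only have netstat -ano and tasklist to hand. It is an added example, not code from the original post or from Sysinternals. The two captures embedded in it are constructed sample output (the process names, PIDs and addresses are made up, including the look-alike "svch0st.exe"), the LOCAL_NETS list is an assumption about what counts as your own LAN, and the known_good set is whatever programs you personally expect to talk to the outside world.

```python
"""Correlate `netstat -ano` output with `tasklist` output so that every
established outbound connection is tied to the image name of its owning
process, then flag the ones that are not on a known-good list.

Added example, not part of the original post.  Both captures below are
constructed sample output, not data from a real machine.
"""
import ipaddress
import re

# Constructed sample of `netstat -ano` (the -o column is the owning PID).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.1.10:1044      192.168.1.1:139        ESTABLISHED     4
  TCP    192.168.1.10:1071      203.0.113.45:6667      ESTABLISHED     1872
  TCP    192.168.1.10:1080      198.51.100.7:80        ESTABLISHED     1632
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist` in its default table format.
# "svch0st.exe" (digit zero) is a made-up look-alike of svchost.exe.
TASKLIST_SAMPLE = """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System                           4 Console                    0         236 K
svchost.exe                    900 Console                    0       4,612 K
iexplore.exe                  1632 Console                    0      18,344 K
svch0st.exe                   1872 Console                    0       1,204 K
"""

# Assumption: these ranges are "our own network"; adjust to the LAN you are on.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12", "127.0.0.0/8")]


def parse_tasklist(text):
    """Return {pid: image_name} from tasklist's table output."""
    procs = {}
    for line in text.splitlines():
        # image name, PID, session name, session number, memory usage
        m = re.match(r"^(\S.*?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K$", line.strip())
        if m:
            procs[int(m.group(2))] = m.group(1)
    return procs


def parse_netstat(text):
    """Return a list of (proto, local, remote, state, pid) from netstat -ano."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or "Active Connections"
        if parts[0] == "TCP":
            proto, local, remote, state, pid = parts
        else:
            proto, local, remote, pid = parts  # UDP rows have no State column
            state = ""
        conns.append((proto, local, remote, state, int(pid)))
    return conns


def remote_is_external(remote):
    """True when the foreign address lies outside LOCAL_NETS."""
    host = remote.rsplit(":", 1)[0].strip("[]")  # strip IPv6 brackets
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # '*' or an unresolved name
        return False
    return not any(ip in net for net in LOCAL_NETS)


def suspicious_connections(netstat_text, tasklist_text, known_good=frozenset()):
    """Return [(remote, pid, image)] for established TCP connections that leave
    the local networks and are owned by a process not in known_good."""
    procs = parse_tasklist(tasklist_text)
    flagged = []
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        if proto != "TCP" or state != "ESTABLISHED":
            continue
        if not remote_is_external(remote):
            continue
        image = procs.get(pid, "<unknown pid>")
        if image.lower() not in known_good:
            flagged.append((remote, pid, image))
    return flagged


if __name__ == "__main__":
    for remote, pid, image in suspicious_connections(
            NETSTAT_SAMPLE, TASKLIST_SAMPLE, known_good={"iexplore.exe"}):
        print(f"{image} (PID {pid}) -> {remote}")
```

With the browser on the known-good list, the only line left is the look-alike process holding a connection to port 6667, which is exactly the kind of entry the post says to chase down. Anything the script flags still needs the path check from the msinfo32 step: the image name alone is what the trojan chose to call itself.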
Let me know if you come across any other cool crime fighting utilities!
Have an awesome week!
Filed under: .Net Development