|
Posted by =?Utf-8?B?Um9uIEg=?= on January 25, 2008, 9:58 am
If you were Registered and logged in, you could reply and use other advanced thread options
and found five (5) svchost.exe services running - 3 Network Services ,
and 2 System. Now after seeing your answer and checking
Process Library and finding out this svchost.exe could be used by a
Trojan, How can i find out the path's of these services in Task Manger
like in your example? Thanks Ron (Defender)
"David H. Lipman" wrote:
>
> | Hi,
> | my question is how to know that a trojan is comunicating with it's owner?
> | I'm using TCP view. Wich files are present on infected pc and are they
> | visible trough tcp view?
> | Can a trojan use legitimate files like firefox.exe and sends data trough
> | different ports? Please give me an example of tipical trojan connection?
> |
> | Thanks.
>
> TCPView helps but not completely.
>
> Individual files by themsleves may show communication "home" or to peers.
However, some
> malware can hook directly into the OS such that a particular EXE file will not
be indicated,
> it will appear the OS is communicating to the malicious third part web sites.
>
>
> Trojans can use legit files by patching the legit files with malicious code.
Additionally,
> malware often uses the EXE name of legit files such as firefox.exe however
what is important
> is the Fully Qualified Name (FQN) and path to the EXE file.
>
> For example:
> c:\windows\system32\svchost.exe is legit
> C:\Program Files\Common Files\System\svchost.exe is NOT legit !
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
>
>
>
| 
XML site map