Thread: Check if ur pc is hacked!

Originally Posted by zapak

Now Dont consider me wrong but if dere is any fisher , hacker ,.... to bypass dis trick all u need to do is name ur process as Common Window processes like svhost , and even tskmrg so dat victim thinks it as ligit process. And if u r confertable with deassembler den u can even hide ur process in tsk manager.

Completely true.

Seriously everyone, this DOS command does nothing against any modern day malware. Good malware replaces the netstat program with a modified one that won't list the malware sockets, or disguises itself as a system process.

I mean, seriously, who the f*ck would name their malware "VIRUS.exe".... they would call it something like "win32sys.exe" or something that nobody would delete, unless they knew the Windows system files by heart.

Windows has many C-Win32/ASM-MASM libraries you can use to make your process invisible/seem like a system process/etc. As I said, nearly all malware today have to perform these tricks to get anywhere.

Anyone skilled could make it a service, not a foreground application as well, making it more tricky, and making it look even more like a system process.

Also, killing it's connections would do little. They nearly all will have another process running that detects when it's connections are killed, and it just reconnects. And, most malware use the registry to autostart, meaning it will return on the next boot, unless completly removed.

Trying to trick an external firewall administered by knowledgeable people however, is very different.