Thanks, very useful, tried it out and I'm clean :D
Other than using the cmd prompt to see connections, you can use a handy program called TCPView.
It does the same thing as the cmd prompt, but it also shows what process it belongs to in the same window.
Here's a link: TCPView for Windows
Hope this helps you a bit more.
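The pairing described in the post above (each connection shown next to its owning process) can also be rebuilt from the text output of the command-line tools. This is an added example, not part of the original thread; the sample listings are constructed, and the `netstat -ano` and `tasklist /fo csv /nh` switches are assumptions about how the two listings were produced.

```python
import csv, io

# Constructed `netstat -ano` output (sample data, not from a real host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     4312
  TCP    192.168.1.20:49733     198.51.100.7:6667      ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1672
"""
# Constructed `tasklist /fo csv /nh` output; PID 5120 is deliberately absent.
TASKLIST_SAMPLE = '''\
"System","4","Services","0","144 K"
"svchost.exe","884","Services","0","9,120 K"
"svchost.exe","1672","Services","0","7,004 K"
"firefox.exe","4312","Console","1","312,448 K"
'''

def parse_tasklist(text):
    """Map PID -> image name from CSV tasklist output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def split_endpoint(endpoint):
    """Split on the last colon so a bracketed IPv6 address stays intact."""
    addr, _, port = endpoint.rpartition(":")
    return addr, port

def parse_netstat(text):
    """Yield one dict per socket line; UDP lines carry no State column."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        yield {"proto": f[0], "local": split_endpoint(f[1]),
               "remote": split_endpoint(f[2]),
               "state": f[3] if len(f) == 5 else "", "pid": int(f[-1])}

def connections_with_owner(netstat_text, tasklist_text):
    """Attach the owning image name to every socket, as TCPView displays it."""
    names = parse_tasklist(tasklist_text)
    return [dict(c, image=names.get(c["pid"], "<not in tasklist>"))
            for c in parse_netstat(netstat_text)]

if __name__ == "__main__":
    for c in connections_with_owner(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f'{c["proto"]} {":".join(c["local"])} -> {":".join(c["remote"])} '
              f'{c["state"] or "-":<12} {c["pid"]:>5} {c["image"]}')
```

A socket whose PID has no tasklist entry is the row to look at first. The result is only as trustworthy as the host that produced the two listings.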
Nice lil tutorial, kinda old school basic way to check.
Couldn't you just use a packet sniffer, it would be much easier..
Wireshark: Go deep.
Much easier - it shows in and out and what protocol.
You could even use PeerGuardian - just check the box show allowed connections. Honestly, using Wireshark would be quicker than having to go through the command prompt.
Completely true.
Seriously everyone, this DOS command does nothing against any modern day malware. Good malware replaces the netstat program with a modified one that won't list the malware sockets, or disguises itself as a system process.
I mean, seriously, who the f*ck would name their malware "VIRUS.exe".... they would call it something like "win32sys.exe" or something that nobody would delete, unless they knew the Windows system files by heart.
Windows has many C-Win32/ASM-MASM libraries you can use to make your process invisible/seem like a system process/etc. As I said, nearly all malware today has to perform these tricks to get anywhere.
Anyone skilled could make it a service, not a foreground application as well, making it more tricky, and making it look even more like a system process.
Also, killing its connections would do little. They nearly all will have another process running that detects when its connections are killed, and it just reconnects. And most malware uses the registry to autostart, meaning it will return on the next boot, unless completely removed.
Trying to trick an external firewall administered by knowledgeable people however, is very different.
Last edited by SunSpyda; July 3rd, 2009 at 11:41 AM.