Detecting a Trojan
Awareness and preventive measures are the best defense against Trojans. Educate users not to install applications downloaded from the Internet or received as email attachments. Most commercial anti-virus products can automatically scan for and detect backdoor programs before they can cause damage.
Using Anti-Trojan Software:
Antivirus software is designed to detect and delete Trojan horses, as well as to prevent them from ever being installed. Although it is possible to remove a Trojan horse manually, doing so requires a full understanding of how that particular Trojan horse operates. In addition, if a Trojan horse may have been used by a hacker to access a computer system, it will be difficult to know what damage has been done and what other problems have been introduced.
Manual Detection
Though manual detection and removal of Trojans is difficult, it is the best way to remove them completely from the computer. With practice, it becomes easy to detect and remove Trojans manually.
TCPView
TCPView is a Windows program that shows you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and the state of TCP connections. On Windows NT, 2000, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.
Tcpvcon is the command-line version of TCPView. Its usage is similar to that of the built-in Windows netstat utility. Just typing tcpvcon in a CMD box runs the Application.
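As an added example (not code from the original post), the following Python script performs the manual cross-check that TCPView automates for you: it joins `netstat -ano` output with `tasklist /fo csv /nh` output on the PID column, so every endpoint is shown with its owning image name, and then flags endpoints whose owner is not in a reviewer-supplied baseline. The two sample outputs, the baseline set and the helper names (`parse_tasklist`, `parse_netstat`, `suspicious`) are constructed for this example, not captured from a real host.

```python
from collections import namedtuple

# Constructed sample of `netstat -ano` output (not from a real host).
NETSTAT_SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       4412
  TCP    192.168.1.20:49702     203.0.113.9:4444       ESTABLISHED     4412
  TCP    192.168.1.20:49710     93.184.216.34:443      ESTABLISHED     3320
  UDP    0.0.0.0:5353           *:*                                    2204
"""
# Constructed sample of `tasklist /fo csv /nh` output; note the look-alike image name on PID 4412.
TASKLIST_SAMPLE = '''"svchost.exe","912","Services","0","9,120 K"
"svchst.exe","4412","Console","1","3,044 K"
"chrome.exe","3320","Console","1","212,400 K"
"mDNSResponder.exe","2204","Services","0","5,100 K"
'''

Endpoint = namedtuple("Endpoint", "proto local remote state pid image")

def parse_tasklist(text):
    """Map PID -> image name from tasklist CSV rows."""
    pids = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = [f.strip('"') for f in line.split('","')]
        pids[int(fields[1])] = fields[0]
    return pids

def parse_netstat(text, pids):
    """Join each netstat row with its owning image, like TCPView's process column."""
    endpoints = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or unexpected row
        proto, local, remote = parts[0], parts[1], parts[2]
        state = parts[3] if proto == "TCP" else ""  # UDP rows carry no state column
        pid = int(parts[-1])
        endpoints.append(Endpoint(proto, local, remote, state, pid, pids.get(pid, "<unknown>")))
    return endpoints

def suspicious(endpoints, known_images):
    """Return endpoints whose owning image is outside the reviewer's baseline (case-insensitive)."""
    return [e for e in endpoints if e.image.lower() not in known_images]

if __name__ == "__main__":
    baseline = {"svchost.exe", "chrome.exe", "mdnsresponder.exe"}  # constructed baseline
    for e in suspicious(parse_netstat(NETSTAT_SAMPLE, parse_tasklist(TASKLIST_SAMPLE)), baseline):
        print(f"REVIEW {e.proto} {e.local} -> {e.remote} {e.state} pid={e.pid} image={e.image}")
```

On a live system, replace the two sample strings with the captured output of the corresponding commands; the review step remains the same.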
Process Viewer
Process Viewer (PrcView) (www.teamcti.com/pview/prcview.htm) is a free GUI-based process viewer utility that displays detailed information about processes running under Windows. For each process it displays memory, threads, and module usage. For each DLL, it shows full path and version information. PrcView comes with a command-line version that allows you to write scripts to check whether a process is running and stop it, if necessary.
Process Explorer
Process Explorer is a freeware computer program for Microsoft Windows created by Sysinternals, which was acquired by Microsoft Corporation. Process Explorer is a system monitoring and examination utility. It provides the functionality of Windows Task Manager along with a rich set of features for collecting information about processes running on the user's system. It can be used as the first step in debugging software or system problems. Process Explorer can be used to track down problems. For example, it provides a means to list or search for named resources that are held by a process or all processes. This can be used to track down what is holding a file open and preventing its use by another program. As another example, it can show the command lines used to start a program, allowing otherwise identical processes to be distinguished. Like Task Manager, it can show a process that is maxing out the CPU, but unlike Task Manager it can show which thread (with the call stack) is using the CPU, information that is not even available under a debugger.