October 31st, 2001, 09:42 AM
If you're running Win2000, WinXP or WinNT, pull up the process viewer and see what you're running. Check for any odd-named processes, or any double processes. Double processes are most likely something that shouldn't be there. Another idea might be to connect to your open ports with Telnet from win98, but I'm not sure how many trojans this works with...
WE ARE the anti cancer...
WE ARE the only answer...
November 2nd, 2001, 11:13 AM
Looking for ill-named processes is not a bad idea, but what about a hacker that name is trojan like WINLGEXEC.exe or w2kreport.exe ?
Another idea is to take another computer, with a portscanner and portscan your computer.
It is easy for an hacker to modify your "netstat" command so It won't report the port of the trojan.
November 10th, 2001, 02:53 AM
also, one might look into downloading process viewers froma reputable site for w98 and w95. But keep in mind, always use the virus scanners and such.
oh, and i read this once. Im' not sure of the truth of it. There were some trojans that were modifying programs or processes (i think the example was powerprofile) and quitting that and running under that name... anyone know about this?