-
July 29th, 2005, 04:30 PM
#1
Tool Check - Windows98
Before I begin, please note that the scope of the request is limited to Windows98 only.
Anyway,
I have a very nice set of tools that I use to identify known/unknown malware/bots/spyware/etc.; however, the one thing I lack is a *very* good tool for process exploring on a Win98 host.
For instance, TCPView on 98 shows you all of the connections but unlike the Win32 version, it will not show you the path to the EXE associated with the process. While this certainly isn't a deal breaker for sr. engineers, many of my juniors sit at the host puzzled on where to go next when they encounter this. My goal is to get a Win98 process explorer that behaves exactly like TCPView does in a Win32 environment. That is, a tool that will provide a path to the EXE associated with a running process.
Do any of you have experience with a particular tool that meets these criteria? I'm certainly open to trying anything that will allow me to produce an all-in-one USB toolkit for my junior staff.
Thanks in advance as always.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
July 29th, 2005, 04:58 PM
#2
Hmmmm,
Not too sure Hoss, but WinPatrol provides quite a bit of information, also there are some tools here:
http://www.karenware.com/powertools/powertools.asp
I am afraid I am not running a Win98 box at the moment, I will try and fire one up over the week-end and get back to you.
-
July 29th, 2005, 05:16 PM
#3
Have not tried this myself, but maybe worth a look,
here you go: http://www.teamcti.com/pview/
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
July 29th, 2005, 05:46 PM
#4
This works great in XP, says it works in 9X also :
http://www.sysinternals.com/Utilitie...sExplorer.html
Shows paths and registry keys as well.
-
July 29th, 2005, 06:13 PM
#5
[quote]Have not tried this myself, but maybe worth a look,
here you go: http://www.teamcti.com/pview/[/quote]
Thanks Jinxy. This is pretty close. It lacks the connection table information which if it had, would be perfect.
Yea, I'm VERY familiar with this tool. It doesn't do what I need it to though.
Thanks.
-
July 29th, 2005, 07:19 PM
#6
this looks like what you're asking for
I'm not sure I understand what you mean by "connection table info"... ports to app to location? like fport? (which I know is not for 9x)
they say it works under XP-9x but I don't have any 9x boxen at the moment. here's the download page with a screen shot:
http://www.pcworld.com/downloads/fil...id,6102,00.asp
fport and similar tools rely on rpc/dcom to gather information. maybe if you upgraded the dcom component, tools like fport might work:
http://www.microsoft.com/downloads/d...DisplayLang=en
just a guess, and not knowing how many machines you're talking about
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
July 29th, 2005, 08:20 PM
#7
I have roughly 2,000 Win98 hosts scattered over 350 locations. At any moment, one could become infected with a bot. When using TCPView on a Win32 system, I see the local IP address and port, remote IP address and port and I also have the ability to look at the full path to the EXE of the process that is responsible for the connection. Basically, I want a tool for Win98 that behaves precisely the way the TCPView does on Win32.
Make sense?
Thanks for the feedback.
--TH13
I really hope I don't have to write my own.
-
July 30th, 2005, 10:22 AM
#8
Hi Hoss:
http://www.sysinternals.com/Utilities/TcpView.html
If you look down the bottom you will see that they claim that the "Pro" version of TCPView does what you are saying for Win 9x.
No idea if it works, or how much it costs, but it might be worth a look.
-
July 30th, 2005, 12:22 PM
#9
Yeah, it certainly does what I need but they want $1,200 US plus $250 a year maintenance. I was hoping for something free, especially since Win98 will be gone from my environment in 18 months.
Thanks for your efforts.
--TH13
-
July 30th, 2005, 01:56 PM
#10
http://lists.gpick.com/pages/Port_Tools.htm
This site has quite a few tools that might do the job. The stuff from DiamondCS, for example?
I can see your problem, you have one hell of a lot of Win98 boxes in a networked environment. Mostly I have only encountered a few laptops (the power management thing).
The downside seems to be that there are not a lot of network tools that run on Win98, and those that there are, are only free to private users.
How many junior staff do you have? I seem to recall that DiamondCS do "roving licences" maybe that would be an affordable option if it does the job?