Port Explorer and Hackers

Discussion in 'Port Explorer' started by Smokescreen, Aug 18, 2005.

Thread Status:
Not open for further replies.
  1. Smokescreen

    Smokescreen Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    3
    Location:
    Houston, Texas
    Well, I know how to use Port Explorer to locate a Trojan. However, what I would like to know is how do I use it to locate a Hacker. That is a Hacker that is not using a Trojan to access my computer. From what little I have read, I am assuming that is possible.
     
  2. Tom772

    Tom772 Guest

    As far as i know any hidden process (hacker activity) should be shown in red and easily identify as legit or not?

    Tom
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi,
    It would always need a socket or a process, red most probably like Tom said, so you should be able to use the socket spy on such a connection and see what happens, till you block sending / receiving or kill the connection. In the meantime you could do some extra's with TDS' network functions.
     
  4. Smokescreen

    Smokescreen Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    3
    Location:
    Houston, Texas
    Well, there is only one Process showing up in the red. It always shows up in the red and is always listening. The Process is called ccapp.exe

    I used Socket Spy to see what it came up with. Maybe I didn't use it correctly, however, it just shows it as a Process on my computer. It doesn't say that it is doing anything.

    However, if a hacker was on my computer without the aid of a Trojan. What would be showing up? Would it still show up in Port Explorer as a Process with an ID or would it show up as an alien or unknown process?
     
  5. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, Smokescreen

    ccapp.exe" belongs to Norton AntiVirus, runs auto-protect and email checking facilities. ccapp.exe

    Take Care,
    TheQuest :cool:
     
  6. Tom772

    Tom772 Guest

    I would probably search for any Remote Admin files, or do an online scan at kaspersky or McAfee, but if there is no activity apart from your antivirus, firewall on PE, i wouldnt worry about your system being compromised! Hope that makes you feel better, T
     
  7. Smokescreen

    Smokescreen Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    3
    Location:
    Houston, Texas
    Yeah, that is what I am looking for. What would Remote Admin files be? Can you give examples?

    I know I don't have a hacker now. I just want to know what I should look for if I suspect one. I know what to look for if they are getting in through the use of a Trojan. However, I didn't know what to look for if they get in by other means. That is why I am asking, so that I am prepared. If I don't know what the warning signs look like, then I will never know when there is a problem.
     
  8. Tom772

    Tom772 Guest

    Open task manager and look under network connections, to see if there is alot of activity while you are not surfing. Also a site you might to take a look at is this>

    http://www.spywareguide.com/product_search.php

    This will show you some Remote access programs to watch out for, hope this helps, T
     
  9. Tom772

    Tom772 Guest

    Type Remote or Admin when searching at this site!!!
     
  10. trojan

    trojan Registered Member

    Joined:
    Aug 22, 2005
    Posts:
    123
    Location:
    london
    port explorer is 1 of my fav tools the way listerning tcp and established connections are set out in tabs makes port explorer so easy to use and spot nasty connections in seconds. i also use netstat pro which has some nice features also but is not so easy to read the results as all connections are displayed in 1 window. The red highlighting on port explorer is slighty misleading nasty things like trojans will show up in red but many normal programes will also show in red any programe running that doesn't have a window on screen will show in red this can simply be msn or yahoo or any programe running in the taskbar only other than that port explorer is a must have tool :eek:
     
    Last edited: Aug 23, 2005
  11. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi trojan,
    If you have a program which doesn't have a window open but a syustray icon, just click that icon and you'll see the red changing back to normal.
    But the red keeps you alert.
     
Thread Status:
Not open for further replies.