Port Explorer and Hackers

Well, I know how to use Port Explorer to locate a Trojan. However, what I would like to know is how do I use it to locate a Hacker. That is a Hacker that is not using a Trojan to access my computer. From what little I have read, I am assuming that is possible.

 

As far as i know any hidden process (hacker activity) should be shown in red and easily identify as legit or not?

Tom

 

Hi,
It would always need a socket or a process, red most probably like Tom said, so you should be able to use the socket spy on such a connection and see what happens, till you block sending / receiving or kill the connection. In the meantime you could do some extra's with TDS' network functions.

 

Well, there is only one Process showing up in the red. It always shows up in the red and is always listening. The Process is called ccapp.exe

I used Socket Spy to see what it came up with. Maybe I didn't use it correctly, however, it just shows it as a Process on my computer. It doesn't say that it is doing anything.

However, if a hacker was on my computer without the aid of a Trojan. What would be showing up? Would it still show up in Port Explorer as a Process with an ID or would it show up as an alien or unknown process?

 

Hi, Smokescreen

ccapp.exe" belongs to Norton AntiVirus, runs auto-protect and email checking facilities. ccapp.exe

Take Care,
TheQuest

 

I would probably search for any Remote Admin files, or do an online scan at kaspersky or McAfee, but if there is no activity apart from your antivirus, firewall on PE, i wouldnt worry about your system being compromised! Hope that makes you feel better, T

 

Yeah, that is what I am looking for. What would Remote Admin files be? Can you give examples?

I know I don't have a hacker now. I just want to know what I should look for if I suspect one. I know what to look for if they are getting in through the use of a Trojan. However, I didn't know what to look for if they get in by other means. That is why I am asking, so that I am prepared. If I don't know what the warning signs look like, then I will never know when there is a problem.

 

Open task manager and look under network connections, to see if there is alot of activity while you are not surfing. Also a site you might to take a look at is this>

http://www.spywareguide.com/product_search.php

This will show you some Remote access programs to watch out for, hope this helps, T

 

Type Remote or Admin when searching at this site!!!

 

port explorer is 1 of my fav tools the way listerning tcp and established connections are set out in tabs makes port explorer so easy to use and spot nasty connections in seconds. i also use netstat pro which has some nice features also but is not so easy to read the results as all connections are displayed in 1 window. The red highlighting on port explorer is slighty misleading nasty things like trojans will show up in red but many normal programes will also show in red any programe running that doesn't have a window on screen will show in red this can simply be msn or yahoo or any programe running in the taskbar only other than that port explorer is a must have tool

 

Hi trojan,
If you have a program which doesn't have a window open but a syustray icon, just click that icon and you'll see the red changing back to normal.
But the red keeps you alert.