Hi. I have just installed PE (trial) and am studying the Help, "Hidden Server Detection" pages. The fifth paragraph (re. screen image) identifies the Trojan as "NetBus" and the last paragraph says "Now that we've identified the Trojan --- " My question is: how did we identify it, apparently from the information on screen? Can someone tell me, please? With the Compliments of the Season, Alpha.
Hi alpha24, A good way to find out about specific applications or ports that may be suspicious (as in the Port Explorer example) is, from inside Port Explorer, to click Utilities>>Lookup and then type in the port number and Search. You get the following info: cron / crontab, RAT: Fat Bitch trojan, GabanBus, icmp_pipe.c, Mypic, NetBus, NetBus Toy, NetBus worm, Pie Bill Gates, Whack Job, X-bill, Q-taz, Snape, Fade, Musdie, Vagr, Neoturk. You may now do a web search (I use Google) to search for the executable (patch.exe), the port (12345), or any of the names that Port Explorer gives you as using that port. I did a search for "patch.exe" and found the following page: http://www.hypertony.co.uk/security/netbus.htm. As you can see, it takes a little work to decide if you are infected or not (in this case less than five minutes), but it is well worth the effort. I hope this helps you at least a little bit... Regards, Kent
Hi, Kent. Many thanks for your helpful response. I can't follow your advice because the trial version of PE doesn't have the Look-up facility, but I expect I'll get the full version, if I can get my head round the trial better than I have so far!! Obviously, the Help should have mentioned the Look-up step etc. in the identification of the Trojan. I suppose the simplest thing to do is to kill all highlighted processes, but I realise there have to be exceptions. I run Spyblocker and the spyblocker.exe file appears 4 times in the main PE Processes list, all highlighted!! I have posted to the Spyblocker Forum on the subject and await their reaction with interest!! Another thing. I subscribe to a number of Forums and sometimes get in a muddle with my replies, especially on a couple of them which I find difficult to navigate, where I often can't find a posting again when I go back to deal with a reply!! (I call it having one of my senior moments, as I'm not so young as I was - but who is!!) Did you post to me a few days ago on another Forum and if so, could you tell me which and under what heading, please? If not, I'll just have to resume searching for a missing posting which, I think, was over the name Kent or something like it. (Now, don't make fun of the afflicted!!!) Cheers. Alpha.
Hi again, Jooske here from another location. The step-by-step processes. Hm, I think the first thing is to look at which processes they are, whether you know them, and which ports they use. The "patch.exe" example on 12345 is a very clear one, of course. But these are the steps you take: look at which is highlighted, which port it uses, look with right-click at what it is, where it comes from, and to which process(es) it belongs. You can start to block the sending and receiving of traffic on it, and do all the resolve/whois/spying on the packets you want, or just kill the process/sockets if you don't trust them. Yes, a full version is what it takes to have all the options enabled. If you're planning to, do have a look at the ActionPack, which is still available at this moment too, just in case. I'm telling you this because I have all three of the programs included and use them in addition, and now that I'm at another location where they are not installed I feel strange -- more or less empty-handed on another person's computer, so I love the things even more once I get back to my own system.