View Full Version : Security help needed.
Stownplayer
March 27th, 2005, 07:11 AM
Can anyone give me information on how to identify malicious software or services running on Windows that do not show up in the Task Manager? I don't know enough about things like this, but I want to be able to cover my ass.
Afn
March 27th, 2005, 07:22 AM
Can anyone give me information on how to identify malicious software or services running on Windows that do not show up in the Task Manager? I don't know enough about things like this, but I want to be able to cover my ass.
Get a copy of ADAWARE at www.Lavasoft.de (http://www.Lavasoft.de)
That will solve most problems for you. Some people like other programs, but Ad-Aware does a fine job.
Also get AVG Anti-Virus, another good free antivirus.
Stownplayer
March 27th, 2005, 07:31 AM
I use Ad-Aware and Spybot. Is there a way for me to see everything running on my computer, regardless of where it is buried in the operating system? Task Manager does not cut it.
DigitalJunkie
March 27th, 2005, 07:46 AM
You may want to try Prevx Home; it detects anything that wants to change your system, so you can prevent it first!
Stownplayer
March 27th, 2005, 07:55 AM
You may want to try Prevx Home; it detects anything that wants to change your system, so you can prevent it first!
That is interesting. Never heard of it, so I'll look into it. Thanks.
Afn
March 27th, 2005, 08:50 AM
I use Ad-Aware and Spybot. Is there a way for me to see everything running on my computer, regardless of where it is buried in the operating system? Task Manager does not cut it.
Learn how to read the registry and how to stop XP's services. XP loads many components that you do not need.
HijackThis is another good tool, good for malware that keeps reloading on boot.
Stownplayer
March 27th, 2005, 08:56 AM
Learn how to read the registry and how to stop XP's services. XP loads many components that you do not need.
HijackThis is another good tool, good for malware that keeps reloading on boot.
I know how to stop XP services and I have almost all the extra ones stopped. I'm not a newb to security. I just know that some programs can run hidden and not show up in Task Manager, so how do I know they are there?
Malakai1911
March 27th, 2005, 09:00 AM
He is worried about malware that doesn't show up in the Task Manager (hides itself).
TDS-3 and TrojanHunter ought to take care of that stuff. Check my sig.
Auggie2k
March 27th, 2005, 09:05 AM
You can also use Norton SystemWorks. It has a little add-on that gives you detailed information on all processes, shown and hidden!
homie_da_clownx
March 27th, 2005, 10:00 AM
There's WinTasks Professional 5.0. I know some people that like it.
RACKnRAIL
March 27th, 2005, 10:50 AM
You may want to check out these two pieces of free software. You may find them helpful: Codestuff Starter & Startup Monitor
http://www.softpedia.com/get/Tweak/System-Tweak/Starter.shtml
http://www.mlin.net/StartupMonitor.shtml
RACKnRAIL
March 27th, 2005, 10:53 AM
He is worried about malware that doesn't show up in the Task Manager (hides itself).
TDS-3 and TrojanHunter ought to take care of that stuff. Check my sig.
I also agree with Malakai. These are good trojan tools.
Greylin
March 27th, 2005, 01:00 PM
TDS3 (http://tds.diamondcs.com.au/) is an excellent tool. You could also try a registry cleaner/multipurpose tool called jv16 Power Tools (http://www.macecraft.com/).
truelyme
March 27th, 2005, 01:35 PM
Very good info here by people who have encountered problems before. I too have had the go-arounds with malware. TDS-3 is an excellent program, certainly when looking for open ports that a trojan or the like might be using, or looking for hidden streams that are normally not within the realm of user viewing. HijackThis is also an excellent program for determining hidden startups. Ad-Aware is another good program for finding some of the hidden stuff and for protection. Spybot also has its uses, though in my mind it is a bit simpler and therefore not quite as effective. Many of the trojans you can get are specifically written to null out Spybot and AntiVir, as they are so popular with folks. One other to add to this list would be CWShredder. While CWShredder mainly looks for CWS malware, it also has a startup list generator. The startup list generator won't allow you to fix stuff like HijackThis does, but then you can't make mistakes by just looking either.
Lehk
March 27th, 2005, 07:04 PM
First close all programs you use that connect to the internet,
then open a console (Start > Run, "cmd"),
type netstat /a,
look for anything that is in state LISTENING or ESTABLISHED that is not on foreign address = localhost or foreign address = 0.0.0.0.
If you see anything you are unsure about, right-click on the console window and select "Mark",
then click at the top left corner and drag to select the entire output of netstat. You do not have to select copy; "marking" the text puts it in the clipboard. Now paste the output into this thread and I can take a look at it.
This will not find all malware, but will catch anything accessing the internet.
Stownplayer
March 27th, 2005, 07:24 PM
First close all programs you use that connect to the internet,
then open a console (Start > Run, "cmd"),
type netstat /a,
look for anything that is in state LISTENING or ESTABLISHED that is not on foreign address = localhost or foreign address = 0.0.0.0.
If you see anything you are unsure about, right-click on the console window and select "Mark",
then click at the top left corner and drag to select the entire output of netstat. You do not have to select copy; "marking" the text puts it in the clipboard. Now paste the output into this thread and I can take a look at it.
This will not find all malware, but will catch anything accessing the internet.
I closed BitTorrent and all other internet connections, but I don't really understand why I have so many ports listening. I can block the ports in my firewall, but why can't I just stop the ports from listening? Thanks for your help, Lehk. Oh yeah, what does the / switch do? Why do I use that instead of netstat -ano?
C:\Documents and Settings\The Dark One>netstat /a
Active Connections
Proto Local Address Foreign Address State
TCP darkonesdesktop:epmap darkonesdesktop:0 LISTENING
TCP darkonesdesktop:microsoft-ds darkonesdesktop:0 LISTENING
TCP darkonesdesktop:1025 darkonesdesktop:0 LISTENING
TCP darkonesdesktop:1028 darkonesdesktop:0 LISTENING
TCP darkonesdesktop:1033 darkonesdesktop:0 LISTENING
TCP darkonesdesktop:44334 darkonesdesktop:0 LISTENING
TCP darkonesdesktop:44501 darkonesdesktop:0 LISTENING
TCP darkonesdesktop:1026 localhost:44334 ESTABLISHED
TCP darkonesdesktop:1028 localhost:1030 ESTABLISHED
TCP darkonesdesktop:1030 localhost:1028 ESTABLISHED
TCP darkonesdesktop:1033 localhost:1035 ESTABLISHED
TCP darkonesdesktop:1035 localhost:1033 ESTABLISHED
TCP darkonesdesktop:1515 localhost:44334 ESTABLISHED
TCP darkonesdesktop:10025 darkonesdesktop:0 LISTENING
TCP darkonesdesktop:10110 darkonesdesktop:0 LISTENING
TCP darkonesdesktop:44334 localhost:1026 ESTABLISHED
TCP darkonesdesktop:44334 localhost:1515 ESTABLISHED
TCP darkonesdesktop:netbios-ssn darkonesdesktop:0 LISTENING
TCP darkonesdesktop:1104 cpe-024-211-189-197.nc.rr.com:10000 FIN_WAIT_1
TCP darkonesdesktop:2851 cpe-024-211-189-197.nc.rr.com:10000 FIN_WAIT_1
TCP darkonesdesktop:4190 dsaccel3.svc.ops.eu.uu.net:http CLOSE_WAIT
TCP darkonesdesktop:4194 anakin.2020total.net:http CLOSE_WAIT
UDP darkonesdesktop:microsoft-ds *:*
UDP darkonesdesktop:1027 *:*
UDP darkonesdesktop:1029 *:*
UDP darkonesdesktop:1034 *:*
UDP darkonesdesktop:1040 *:*
UDP darkonesdesktop:1516 *:*
UDP darkonesdesktop:44334 *:*
UDP darkonesdesktop:ntp *:*
UDP darkonesdesktop:4186 *:*
UDP darkonesdesktop:ntp *:*
UDP darkonesdesktop:netbios-ns *:*
UDP darkonesdesktop:netbios-dgm *:*
tsafa1
March 27th, 2005, 07:49 PM
Learn how to read the registry and how to stop XP's services. XP loads many components that you do not need.
HijackThis is another good tool, good for malware that keeps reloading on boot.
Can you write something more on this or give us a link with more information? This is very interesting.
Lehk
March 27th, 2005, 08:21 PM
There isn't anything in that list that concerns me as far as viruses and spyware go.
The difference between /a and -ano is small: /a would be the same as -a, which shows all active ports; -n shows numerical addresses instead of DNS names (DNS names are sometimes useful in assessing whether or not a strange connection is a threat); -o shows the process ID owning the connection, which isn't really needed yet, because unless there are suspicious connections there is no real need to know the PID just yet.
As for why there are so many active, don't worry; Windows opens lots of ports for various system services, and others may be open for antivirus software (I know H+BEDV's AntiVir uses a TCP connection to communicate between the control program and the virus scanning service) or other programs needing strong security (using a control app separate from the program, connecting over TCP, helps prevent a local user from exploiting a system service by limiting the service's interaction with the user).
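An added example of the triage Lehk describes in this thread (the netstat /a procedure in his earlier post, and the /a versus -ano flag notes in this one); it is not code from the thread or from any of the tools named in it. It parses pasted netstat output, lists the TCP ports in LISTENING state, and pulls out ESTABLISHED connections whose foreign address is not localhost, 0.0.0.0 or one of the machine's own addresses; when the output came from -ano, the owning PID is carried along so the next step (matching the PID to a process) is possible. Both sample outputs (hostname mybox, RFC 5737 test addresses, the PIDs) are constructed for the example, not taken from a real host.

```python
"""Triage pasted `netstat` output: inventory TCP ports in state LISTENING, then
pull out ESTABLISHED connections whose foreign side is not this machine.
Handles both the `netstat /a` layout (DNS names, no PID column) and the
`netstat -ano` layout (numeric addresses, PID column).
Sample output below is constructed for this example, not captured from a real host."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Addresses netstat prints for "no peer", the wildcard interface or loopback.
WILDCARD_HOSTS = {"0.0.0.0", "127.0.0.1", "localhost", "*", "[::]", "[::1]"}

# Constructed `netstat -ano` output (numeric addresses, PID column).
SAMPLE_ANO = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1028         127.0.0.1:1030         ESTABLISHED     1204
  TCP    192.168.1.20:1104      203.0.113.7:10000      ESTABLISHED     2460
  TCP    192.168.1.20:4190      198.51.100.9:80        CLOSE_WAIT      3012
  UDP    0.0.0.0:123            *:*                                    1080
  UDP    192.168.1.20:137       *:*                                    4
"""

# Constructed `netstat /a` output (hostnames and service names, no PID column).
SAMPLE_A = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    mybox:epmap            mybox:0                LISTENING
  TCP    mybox:1026             localhost:44334        ESTABLISHED
  TCP    mybox:2851             cpe-203-0-113-7.example.net:10000  ESTABLISHED
  UDP    mybox:ntp              *:*
"""


@dataclass
class Socket:
    proto: str
    local: str
    foreign: str
    state: str           # empty for UDP rows, which carry no state
    pid: Optional[int]   # only present when netstat was run with -o


def host_of(addr: str) -> str:
    """Strip the trailing port/service field from 'host:port' or '[v6]:port'."""
    return addr.rsplit(":", 1)[0]


def parse_netstat(text: str) -> List[Socket]:
    rows: List[Socket] = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue  # banner, blank line or column header
        proto, local, foreign = parts[0], parts[1], parts[2]
        rest = parts[3:]
        state = ""
        if proto == "TCP" and rest and not rest[0].isdigit():
            state, rest = rest[0], rest[1:]
        pid = int(rest[0]) if rest and rest[0].isdigit() else None
        rows.append(Socket(proto, local, foreign, state, pid))
    return rows


def local_hosts(rows: List[Socket]) -> Set[str]:
    """Every host in the Local Address column belongs to this box, so a foreign
    address naming one of them is a local (loopback-style) connection."""
    return WILDCARD_HOSTS | {host_of(s.local) for s in rows}


def listening_ports(rows: List[Socket]) -> List[str]:
    """TCP ports accepting inbound connections, as netstat printed them."""
    return [s.local.rsplit(":", 1)[1] for s in rows
            if s.proto == "TCP" and s.state == "LISTENING"]


def remote_established(rows: List[Socket]) -> List[Socket]:
    """ESTABLISHED sockets whose peer is not this machine: the lines worth a
    closer look. Anything talking to localhost/0.0.0.0/own address is dropped."""
    mine = local_hosts(rows)
    return [s for s in rows
            if s.proto == "TCP" and s.state == "ESTABLISHED"
            and host_of(s.foreign) not in mine]


def triage(text: str) -> Dict[str, List[str]]:
    """Summary for a pasted netstat dump; the PID is reported only when -o was used."""
    rows = parse_netstat(text)
    remote = []
    for s in remote_established(rows):
        owner = f" (PID {s.pid})" if s.pid is not None else " (PID unknown: rerun with -o)"
        remote.append(f"{s.local} -> {s.foreign}{owner}")
    return {"listening": listening_ports(rows), "remote": remote}


if __name__ == "__main__":
    for label, sample in (("netstat -ano", SAMPLE_ANO), ("netstat /a", SAMPLE_A)):
        print(label, triage(sample))
```

The local-host set is derived from the Local Address column rather than hard-coded, which is why the `darkonesdesktop:0` style rows in the output above are treated as local without knowing the hostname in advance. As Lehk notes, this only covers software that has a socket open; a process that hides from Task Manager can equally hide from netstat, so the result is a starting point for the PID-to-process check, not a clean bill of health.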
Lehk
March 27th, 2005, 08:22 PM
Oh, BTW, my connections list is about as long as yours and I am clean of viruses and malware.
Stownplayer
April 1st, 2005, 02:52 PM
Thanks, everyone, for the input.
homie_da_clownx
April 1st, 2005, 10:34 PM
Can you write something more on this or give us a link with more information? This is very interesting.
This should be an okay start: http://www.blackviper.com/WinXP/servicecfg.htm
Afn
April 2nd, 2005, 05:58 AM
This should be an okay start: http://www.blackviper.com/WinXP/servicecfg.htm
Black Viper is a good resource.
homie_da_clown...Homie don't play dat. Homie play mp3.
Joke.