Geek Culture / how to find very hidden things

White knight
19
Years of Service
User Offline
Joined: 31st Dec 2004
Location:
Posted: 20th Oct 2006 03:39
to see what's running, even hidden processes, use tcpview (what goes online). also use pview (everything that has and is still running). to find hidden things that explorer does not (even after enabling find hidden and system files), go to dos and type dir /o /a /l /p; attrib will also see them. also use pv from pview in dos to see what's running. to kill a process with pv, type in for example (c:\pview\pv -k processname).
you can find the items pview and tcpview on msn.
some things (if you got a trojan) will show up as something like ?ame.exe; in windows it won't have the ?. they also have hidden and system attribs set to them to hide them. there are a lot of ways that hax3rz hide things and even trick all antiviruses. avg will not pick up certain trojans. there are some trojans where, even if you know the name, it will have 3 of the same processes running and also a few hidden processes that monitor them.
also in the registry in xp there is a value to watch: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. in the key value shell the only thing in there should be explorer.exe. some trojans monitor that place and keep the value to the trojan name and keep explorer there. also check other values in there for suspicious names. Userinit should only have explorer.exe in it. to see everything (all info of system including running processes and what starts up) go to start->run and type in msinfo32. to edit some startup stuff use msconfig. also avir is good for detecting any virus/trojan, but the free version only gets in the way though.
the registered version can automatically delete the trojans/viruses silently instead of prompting you. also another way to see everything in the windows dir including hidden stuff is to use your xp boot disk and go into recovery mode and type dir. you can manually delete it too: just enable pview's monitor and see what all has and is running, then go to recovery mode and delete the files. also make sure to scan the hd again on another pc to make sure that the trojan is gone; use avir to check it.
more info will be posted later. when i get some time i'll make a tutorial on how to manually get rid of trojans and spyware (grayware). remember, check with pview and tcpview, they're your best friends.
also use a router and secure it (if needed read the router's manual).
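
An added example, not part of the post above: a small Python audit of the Winlogon `Shell` value the post says to watch, run over saved `reg query` output. The sample output is constructed, `svch0st.exe` is a made-up name, and the allowed baseline (only explorer.exe) is taken from the post as an assumption.

```python
import ntpath
import re

# Constructed samples of `reg query` text output for the Winlogon key.
# "svch0st.exe" is a made-up name standing in for an unwanted extra entry.
SAMPLE_CLEAN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    DefaultUserName    REG_SZ    user
    Shell    REG_SZ    Explorer.exe
"""
SAMPLE_TAMPERED = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    DefaultUserName    REG_SZ    user
    Shell    REG_SZ    explorer.exe, "C:\WINDOWS\Temp\svch0st.exe" /s
"""

# Value lines are indented: name, type, data (key path lines are not indented).
VALUE_LINE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s*(.*)$")

def parse_reg_query(text):
    """Return {value_name_lowercase: data} from `reg query` text output."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1).lower()] = m.group(3).strip()
    return values

def programs_in(data):
    """Split comma-separated command lines; return each program's base name."""
    names = []
    for entry in data.split(","):
        entry = entry.strip()
        if not entry:
            continue
        if entry.startswith('"'):          # quoted path, arguments follow
            exe = entry[1:].split('"', 1)[0]
        else:                              # unquoted: first token is the program
            exe = entry.split()[0]
        names.append(ntpath.basename(exe).lower())
    return names

def unexpected_entries(text, value_name="Shell", allowed=("explorer.exe",)):
    """List programs in the value that are not on the allowed baseline."""
    data = parse_reg_query(text).get(value_name.lower())
    if data is None:
        return ["<value missing>"]
    return [p for p in programs_in(data) if p not in allowed]
```

The same function can audit other values under the key by passing a different `value_name` and `allowed` baseline taken from a known-good machine.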
indi
22
Years of Service
User Offline
Joined: 26th Aug 2002
Location: Earth, Brisbane, Australia
Posted: 20th Oct 2006 05:16
gotta love windows at the moment with all these virii problems. NOT

White knight
19
Years of Service
User Offline
Joined: 31st Dec 2004
Location:
Posted: 20th Oct 2006 06:53
well in linux there are some holes in it too, but most are because of user error. for instance a hax3r can get in just by using a linux machine and using its ssh program to get into an unsecure default install. in all oses watch your ports; make sure if you're not going to use them to close them in the firewall. also the best way to keep intruders out is to have a hardware firewall like a router, and watch what you accept from others. also watch what sites you go on; they're a big prob on trojans and viruses. as a professional programmer i found a lot of ways to protect the pc no matter what os was running on it. a good expert hax3r can find holes in an unsecure pc and take it over, but if you do take the necessary precautions you will be fine.
there are several programs out there, shareware, freeware and retail, but most if not all do have flaws in them. they're not going to catch every last one of the trojans/viruses but can decrease them. the reason for not getting all is because there are new trojans/viruses out every day and hax3rz are trying to find new ways to trick the antivirus progs; they try to find new ways to take or destroy the victim's pc. but as long as you take precautions you will be 99.9% safe. of course you can never be 100% safe as long as the internet exists.
more info and tutorials will come later as time permits.
indi
22
Years of Service
User Offline
Joined: 26th Aug 2002
Location: Earth, Brisbane, Australia
Posted: 20th Oct 2006 07:01
you should write a tutorial on a honeypot and DMZ.

White knight
19
Years of Service
User Offline
Joined: 31st Dec 2004
Location:
Posted: 20th Oct 2006 07:03 Edited at: 20th Oct 2006 07:23
i know dmz i'll have to research on honeypot
well here is something i found about honeypot http://rootprompt.org/article.php3?article=210
Zaibatsu
18
Years of Service
User Offline
Joined: 1st May 2006
Location: Lost in Thought
Posted: 20th Oct 2006 09:02
Can anyone summarize what those guys said, because I'm interested in the conversation, but it's too late for me to focus on reading those big posts...

"If it weren't for monsoor here, this town wouldn't be here, and that kid would never grow up to lie about texas!"
CattleRustler
Retired Moderator
21
Years of Service
User Offline
Joined: 8th Aug 2003
Location: case modding at overclock.net
Posted: 20th Oct 2006 14:53
yeah, basically he said:

Quote: "to see what's running, even hidden processes, use tcpview (what goes online). also use pview (everything that has and is still running). to find hidden things that explorer does not (even after enabling find hidden and system files), go to dos and type dir /o /a /l /p; attrib will also see them. also use pv from pview in dos to see what's running. to kill a process with pv, type in for example (c:\pview\pv -k processname).
you can find the items pview and tcpview on msn.
some things (if you got a trojan) will show up as something like ?ame.exe; in windows it won't have the ?. they also have hidden and system attribs set to them to hide them. there are a lot of ways that hax3rz hide things and even trick all antiviruses. avg will not pick up certain trojans. there are some trojans where, even if you know the name, it will have 3 of the same processes running and also a few hidden processes that monitor them.
also in the registry in xp there is a value to watch: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon. in the key value shell the only thing in there should be explorer.exe. some trojans monitor that place and keep the value to the trojan name and keep explorer there. also check other values in there for suspicious names. Userinit should only have explorer.exe in it. to see everything (all info of system including running processes and what starts up) go to start->run and type in msinfo32. to edit some startup stuff use msconfig. also avir is good for detecting any virus/trojan, but the free version only gets in the way though.
the registered version can automatically delete the trojans/viruses silently instead of prompting you. also another way to see everything in the windows dir including hidden stuff is to use your xp boot disk and go into recovery mode and type dir. you can manually delete it too: just enable pview's monitor and see what all has and is running, then go to recovery mode and delete the files. also make sure to scan the hd again on another pc to make sure that the trojan is gone; use avir to check it.
more info will be posted later. when i get some time i'll make a tutorial on how to manually get rid of trojans and spyware (grayware). remember, check with pview and tcpview, they're your best friends.
also use a router and secure it (if needed read the router's manual)."


and

Quote: "well in linux there are some holes in it too, but most are because of user error. for instance a hax3r can get in just by using a linux machine and using its ssh program to get into an unsecure default install. in all oses watch your ports; make sure if you're not going to use them to close them in the firewall. also the best way to keep intruders out is to have a hardware firewall like a router, and watch what you accept from others. also watch what sites you go on; they're a big prob on trojans and viruses. as a professional programmer i found a lot of ways to protect the pc no matter what os was running on it. a good expert hax3r can find holes in an unsecure pc and take it over, but if you do take the necessary precautions you will be fine.
there are several programs out there, shareware, freeware and retail, but most if not all do have flaws in them. they're not going to catch every last one of the trojans/viruses but can decrease them. the reason for not getting all is because there are new trojans/viruses out every day and hax3rz are trying to find new ways to trick the antivirus progs; they try to find new ways to take or destroy the victim's pc. but as long as you take precautions you will be 99.9% safe. of course you can never be 100% safe as long as the internet exists.
more info and tutorials will come later as time permits."


Torsten Sorensen
19
Years of Service
User Offline
Joined: 23rd Oct 2005
Location: Seattle, WA
Posted: 20th Oct 2006 21:52

Hehehehe, wow...

Zaibatsu
18
Years of Service
User Offline
Joined: 1st May 2006
Location: Lost in Thought
Posted: 21st Oct 2006 01:16
oh. that helped.

"If it weren't for monsoor here, this town wouldn't be here, and that kid would never grow up to lie about texas!"
Chris Franklin
19
Years of Service
User Offline
Joined: 2nd Aug 2005
Location: UK
Posted: 23rd Oct 2006 01:07
Quote: "oh. that helped.
"


Stop being lazy and just read them, not hard

Jeku
Moderator
21
Years of Service
User Offline
Joined: 4th Jul 2003
Location: Vancouver, British Columbia, Canada
Posted: 23rd Oct 2006 01:43
And Chris, you could stop trolling too.

Nicholas Thompson
20
Years of Service
User Offline
Joined: 6th Sep 2004
Location: Bognor Regis, UK
Posted: 23rd Oct 2006 02:07
As I understand it - honeypots are basically traps. It's like leaving a machine unprotected on the internet waiting for someone to try to hack it and then catching them in the act... I think...

QuothTheRaven
22
Years of Service
User Offline
Joined: 2nd Oct 2002
Location: United States
Posted: 23rd Oct 2006 02:39
please edit your first post...

PAR
A
GRAPHS

indi
22
Years of Service
User Offline
Joined: 26th Aug 2002
Location: Earth, Brisbane, Australia
Posted: 23rd Oct 2006 03:11
correct guys. honey pots can also be used by developers as well in web dev companies, game companies, and any IT sector that needs to look at the other side of your networked project.
I used to run a ppc 7100 80mhz 128m as a router with honeypot. when routers dropped in price and the firewalls got better, i didn't need to run a dedicated computer as my router server.
