Use tcpview check monitoring
2/20/2023

Can a Trojan horse hide its activity from TCPView?

I've done a little research before asking, but I still can't find the answer for this. I know that a Trojan horse can hide from the Windows Task Manager through various methods. Also, less frequently, it can hide its activity from the netstat command (mostly replacing the program with their own version). I guess it is less frequent because (I expect) any non-compromised antivirus protects and alerts for changes in system files (not sure if I'm being naive).

Even so, if the Trojan uses a Windows process (not its own name) to connect to the Internet, many times you can identify what isn't an expected connection to some random IP address.

Many websites recommend using TCPView to check for unusual connections, and I wonder if a Trojan can hide its activity from TCPView. I'm not sure if TCPView is just a graphic interface using the netstat program. In that case, if there's any method to hide from netstat, it will be hidden from TCPView of course.

I don't think that a Trojan horse would be specifically coded to hide from TCPView (or is TCPView so popular that this happens?), but maybe there's a method to hide its activity from any program trying to check the current Internet connections (even Wireshark) and to hide what programs or Windows processes (even svchost or system) are establishing those connections as well. If you know specific methods used to hide from TCPView could you mention them?

I want to know this, because I'm not sure that using TCPView or Wireshark to check for unusual connections is a bulletproof test to confirm that activity.

A kernel-level rootkit can hide itself from any user-level program on the system, which includes TCPView. That's because all user-level programs make requests of the kernel in order to get information, such as access to network connection tables, interfaces, and packets.