Re: evidence of Trojan infection?
From: Dave (tippicanoe_at_tyler.com)
Date: 02/29/04
Date: Sun, 29 Feb 2004 16:43:44 -0600
Thank you, Dave.
I wish I could say that task manager showed me some "suspicious" processes!
Upon boot, I'm running something like 50 individual processes, and
unfortunately, I'm not familiar enough with the good guys vs the bad. I
suppose I could disable them one at a time and try to exhaustively determine
what no longer works, but there must be a better way.
Spybot has a view that looks at processes, and I don't recall anything being
flagged. No ftp.exe process; that much I can say.
Sorry to be perseverant, but if there is a way to find out what process or
application is "currently" (I left that out of my inquiry) using the modem
com port, then I might be able to make some headway. The icon in my system
tray tells me when I'm sending out packets (at least I think it does), so
when I see it lit up continuously, and I'm not running anything that should
be dumping lots of data, then I could presumably find out what's going on.
Would you happen to know how I could do an "OK, who's using that COM port?"
kind of thing?
Thanks much for your help so far.
Dave
"Dave Patrick" <mail@NoSpam.DSPatrick.com> wrote in message
news:uABx6lv$DHA.1464@tk2msftngp13.phx.gbl...
> If you do have something running, a couple of things to check.
>
> 1.) Look for anything suspicious here; Start\Settings\Control
> Panel\Administrative Tools\Computer Management(Local)\System
> Information\Software Environment\Startup Programs|View|Advanced, then in the
> "Location" column, you'll find the path to the "Startup" location either in
> the "Startup" directories or from the registry's "Run" keys.
>
> 2.) Task Manager|Processes and look for suspicious running processes.
>
> 3.) Be fairly suspicious of tftp.exe or ftp.exe as running processes.
>
> --
> Regards,
>
> Dave Patrick ....Please no email replies - reply in newsgroup.
> Microsoft MVP [Windows]
> Microsoft Certified Professional [Windows 2000]
> http://www.microsoft.com/protect
>
>
> "Dave" wrote:
> | I'm running W2K pro, and am using autoupdate, and believe I have all the
> | security patches installed.
> |
> | I access my ISP via dial up.
> |
> | If I stay connected for some time, I see HUGE amounts of data being sent,
> | even if I am not running any applications that would explain that.
> |
> | Today, in 3 hr 45 min, I've SENT 349,198,000 bytes, while running only
> | Outlook Express.
> |
> | I'm using Norton Antivirus with autoprotect enabled, and with current virus
> | definitions. Full system scan finds no viruses.
> |
> | I've also run Spybot Search & Destroy, and immunized with it against
> | "spyware" installation.
> |
> | I'm concerned about all the data I'm evidently puking onto the web.
> |
> | Anybody have any experience in this, or know where to refer me?
> |
> | How can I tell which application or process is using the com port attached
> | to my modem?
> |
> | Regards;
> |
> | Dave