Scott Hanselman gives a real-world example of using three different utilities from Sysinternals for
tracking down a trojan on a machine. Excerpt:
I showed up and suggested we download the three horsemen: TCPView, Autoruns,
and ProcessExplorer.
First step was to find out what process was asking for the Russian sites. TCPView
to the rescue. We can see from the first screenshot that the port is being opened
by winlogon.exe, the Windows NT Login Manager – certainly a legitimate executable.
ComputerZen.com
- Scott Hanselman – Tracking down a Trojan.