Hidden process - Cannot be detected and is stealthy

HiddenProcess (@optonline.net):
There seems to be a hidden process on my computer with no name at all.
No matter what tools I use... Rootkit Unhooker or Hidden Process Finder... Fport...
nothing detects it.
I was using Port Explorer - everything seemed fine...
BUT then I saw a process WITH NO NAME and it was transmitting to a Canadian IP - THEN it DISAPPEARED.
I've had someone with a Canadian IP address log into my RapidShare account and download and upload with it too - I caught it quickly and changed my password.
I don't know how long it's been going on for, but I KNOW WHAT I SAW!
What can be used to detect hidden processes? Because apparently I've used many tools and no hidden process shows up.

Pjr (joined 2005-12-11, UK):
I would format and re-install. I wouldn't trust anything on it any longer.

jack b "Gone Fishing" (Premium, MVM, joined 2000-09-08, Cape Cod), reply to HiddenProcess:
Ditto.

HiddenProcess (@optonline.net), reply to HiddenProcess:
I am REALLY angry.
My computer is running fast and without any problems... it's like a dream.
I'm experienced too - I've used tools such as Rootkit Unhooker and Fport - and all that - even Autoruns.
Everything is fine.
Wow, this is disturbing.

Thug21 "Just Chillin'" (Premium, joined 2005-08-21):
Why not take a look at the cleanup forum if you are infected with something nasty: »Security Cleanup.
If I were you, I'd give AVG Anti-Spyware and SUPERAntiSpyware a try. Perhaps some more anti-rootkit tools as well, like F-Secure BlackLight and AVG Anti-Rootkit.
If there is something unknown running on your PC and stealing info, it might be good to find the source of it so companies can add detection for it.
Also, I was wondering, do you run any AV program?

c0d3r x (@codesklave.de), reply to HiddenProcess:
I doubt BlackLight beta or AVG AK would help much if RKU hasn't found anything. RKU is light years ahead of these other AKs. But I suppose it never hurts to try them.

Thug21 "Just Chillin'" (Premium, joined 2005-08-21):
Right on both counts.

dave (Premium, MVM, joined 2000-05-04, not in Ohio), reply to HiddenProcess:
said by HiddenProcess: "and no hidden process shows up"
Maybe the tools are correct - there is no 'hidden process'. Maybe the thing that you were using that made you think there was a 'hidden process' was simply incapable of determining the name?

HiddenProcess (@optonline.net), reply to HiddenProcess:
The program I was using is called "Port Explorer".
Usually everything is clean.
But apparently I saw a "process or service" without any name and it was connected to a foreign IP in Canada.
Well, I have Kaspersky - I scanned in Windows and in SAFE mode.
Even did a rootkit scan and turned the heuristics up on all scans.
CLEAN CLEAN CLEAN! Maybe I'm just way too paranoid.
I did have an IRC backdoor on my computer... back when I didn't use any antivirus.

HiddenProcess (@optonline.net), reply to HiddenProcess:
I have never had any problems with my computer... NEVER.
I have a rapidshare.com premium account.
I use FlashGet - which some say is malware.
Well, you know you can download RapidShare files through FlashGet.
But you need to enter your name and password in FlashGet to be able to do that.
And a few months ago - I just can't get over this

dualsmp (joined 2001-08-25, Charlotte, NC), reply to HiddenProcess:
Would Process Guard be any help in this situation? I saw the "P" in your tray, but wasn't sure if this was PG.

foxsteve (Premium, joined 2001-12-28, Campbell, CA), reply to HiddenProcess:
Sorry, but your description does not contain the important/necessary information for analysis. If you need help, show, for example, this information:
- point out when those downloads took place - at visits to some site(s), or when your computer was connected to the Internet without any router, and so on;
- what packets were downloaded - copy them, archive them and attach to your next post.

SnowyOne (Premium, joined 2003-04-05, Kailua, HI), reply to HiddenProcess:
said by HiddenProcess: "BUT then I saw a process WITH NO NAME and it was transmitting to a Canadian IP - THEN it DISAPPEARED"
Wireshark »www.wireshark.org/ won't give you the name of a process, but it will show you exactly what is being transmitted.

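The two replies above make the same point from opposite sides: a packet capture shows what was sent but not who sent it, and a connection viewer that prints a blank process name has usually just failed to match the socket's owning PID to a live process at the instant it looked (the owner had already exited, the PID was 0 because the socket was in teardown, or the process really was hidden from the process list). The script below is an added example, not something posted in this thread or shipped with any of the tools named in it; it joins the text output of the Windows commands `netstat -ano` and `tasklist` on the PID column and reports every socket whose PID cannot be attributed, so that an investigator can tell "the tool could not resolve the name" apart from "there is a process the process list does not know about". Both command outputs are constructed samples embedded inline (including the unattributed connection to 203.0.113.7), not captures from a real host.

```python
"""Attribute sockets from `netstat -ano` to processes from `tasklist` by PID.

Both inputs are constructed samples in the real output format of the two
Windows commands; on a live host you would feed in the captured text instead.
"""
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed `netstat -ano` output (documentation-range IPs, not a real capture).
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:49152     203.0.113.7:6667       ESTABLISHED     4120
  TCP    192.168.1.10:49160     198.51.100.22:443      ESTABLISHED     2260
  TCP    192.168.1.10:49171     198.51.100.22:80       TIME_WAIT       0
  UDP    0.0.0.0:5355           *:*                                    1104
"""

# Constructed `tasklist` output; PID 4120 is deliberately absent from it.
TASKLIST_SAMPLE = """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          8 K
svchost.exe                    912 Services                   0     10,512 K
svchost.exe                   1104 Services                   0      6,208 K
firefox.exe                   2260 Console                    1    212,904 K
"""


class Attributed(NamedTuple):
    proto: str
    local: str
    remote: str
    state: str
    pid: int
    name: Optional[str]
    # "ok": PID found in the process list; "no_owner": PID 0 (socket in teardown,
    # no owning process any more); "unresolved": PID absent from the process list.
    status: str


# Image names may contain spaces, so anchor the row on the numeric PID column.
_TASKLIST_ROW = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K$")


def parse_tasklist(text: str) -> Dict[int, str]:
    """Return a PID -> image name map from `tasklist` text output."""
    names: Dict[int, str] = {}
    for line in text.splitlines():
        m = _TASKLIST_ROW.match(line.strip())
        if m:
            names[int(m.group(2))] = m.group(1).strip()
    return names


def attribute(netstat_text: str, tasklist_text: str) -> List[Attributed]:
    """Join each netstat row to the process list and classify the match."""
    names = parse_tasklist(tasklist_text)
    rows: List[Attributed] = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or separator
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, remote, state, pid_s = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, remote, pid_s = parts
            state = ""  # UDP rows carry no state column
        else:
            continue  # malformed row; skip rather than guess
        pid = int(pid_s)
        if pid == 0:
            status, name = "no_owner", None
        elif pid in names:
            status, name = "ok", names[pid]
        else:
            status, name = "unresolved", None
        rows.append(Attributed(proto, local, remote, state, pid, name, status))
    return rows


def unresolved(rows: List[Attributed]) -> List[Attributed]:
    """Sockets whose owning PID is missing from the process list: the ones
    worth a second look, because either the process exited between the two
    snapshots or it is not visible to the process enumerator at all."""
    return [r for r in rows if r.status == "unresolved"]


if __name__ == "__main__":
    report = attribute(NETSTAT_SAMPLE, TASKLIST_SAMPLE)
    for r in report:
        print(f"{r.proto:<4} {r.local:<22} {r.remote:<22} pid={r.pid:<5} "
              f"{r.name or '<no name>':<20} {r.status}")
    for r in unresolved(report):
        print(f"UNRESOLVED: pid {r.pid} -> {r.remote} ({r.state})")
```

Because `netstat -ano` and `tasklist` are taken at different instants, a PID that shows as unresolved once should be re-checked before drawing conclusions; a short-lived process that has already exited produces exactly the same symptom as one that is being hidden. What the script adds over either tool alone is the explicit distinction between "PID 0, nobody owns this socket any more" and "PID present but not in the process list", which is the question dave's reply raises.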
WeenieBoy (joined 2003-06-25, Pasadena, MD), reply to HiddenProcess:
Am I missing something? The graphic states "traffic you have generated with your premium account". Could it be someone is using your account and not your PC? Sorry if I don't get it.

NetFixer "Freedom is NOT Free" (Premium, joined 2004-06-24, Murfreesboro, TN), reply to HiddenProcess:
Please read the site FAQ regarding the posting of in-line externally linked images so that in the future you do not blow out the margins for the rest of us.
»Site FAQ »How wide can an uploaded graphic be?
»Site FAQ »Inline Images in Posts
said by Site FAQ:
"Using Image Tags for Linking Off-Site
Any graphic wider than 700 pixels linked off-site using [img] tags will not be resized, and it will blow out the right margin of the posting window. The extended margin will affect the entire posting page, and it can render the thread difficult for you and others to read..."
Please be considerate of others when posting images.
-- We can never have enough of nature. We need to witness our own limits transgressed, and some life pasturing freely where we never wander. Test your firewall.

Elite (joined 2002-10-03, Orange, CT), reply to HiddenProcess:
Ever consider the fact that rootkits don't need processes or any usermode code at all?
Have you considered posting an RkU log? I'd be pretty damn surprised to see RkU completely bypassed.
-- AMD, because it's just better.

HiddenProcess (@optonline.net), reply to HiddenProcess:
Well, I have used RkU and it is all clean.
Anyway, I am just paranoid that my rapidshare.com account was used.
Well, I did have a Backdoor.IRC on my computer.
Anyway, everything is fine on my PC.
And I still am WONDERING how a person who is from Canada got into my rapidshare.com account and uploaded files and downloaded with it.
I guess I will never know... AND THEY DIDN'T CHANGE MY PASSWORD?
This is strange like hell... but no one has logged into it since I removed that backdoor.

Elite (joined 2002-10-03, Orange, CT), reply to HiddenProcess:
Glad to hear you've got it all resolved (or appear to).
-- AMD, because it's just better.

HiddenProcess (@optonline.net), reply to HiddenProcess:
Believe me, the time I spent trying to find anything suspicious on my computer, and everything was fine.
I have used various tools; I have even checked for kernel hooks, and everything that is hooked is from a legitimate application.
I have captured network traffic; all turns out clean.
I have used Autoruns.
I have used netstat.
I have used Kaspersky with all the scans turned on max and even scanned in safe mode.
Well, this all happened when I had a backdoor on my PC... who knows.
But anyway... what else can I possibly do? I am just upset and paranoid about the whole thing... I installed an application that also had a backdoor. And the only thing it did was use my RapidShare premium account.

tempnexus (Premium, joined 1999-08-11, Boston, MA):
Wait, so you are saying that everything came out clean even though you had a Backdoor.IRC infection?