Tag Archives: process

Who’s Phoning Home On Your Internet Connection? Find Out With CurrPorts and Process and Port Analyzer

There’s not much point (from a cybercriminal’s perspective) in infecting a computer with malware unless the information it’s been designed to capture ends up in the nasty hands of the criminal.

Generally speaking then, it’s reasonable to say that the most important function of malware (again, from a cybercriminal’s perspective) is to “phone home” with the information it’s been designed to steal. It’s hardly surprising that much of the malware infecting the Internet does just that.

You can, if you like, trust that your AV solution will tip you off to any nasty behavior occurring in the background. But, as a follower of the “better safe than sorry” school of thought, trusting in any AV solution to safeguard my systems in all instances just doesn’t compute with me. There are no perfect AV solutions.

All too often, “new” malware has already rampaged through the Internet (despite the best AV providers have to offer) before average users become aware. As a result, I’ve long made it a practice to monitor my open ports and Internet connections frequently throughout a browsing session.

At first glance you might think port checking is time consuming and not worth the effort. But it is worth the effort, and it’s not time consuming – it often takes no more than a few seconds. More to the point, in my view, it is a critical component of the layered defense approach to Internet security that regular readers of this site are familiar with.

There are a number of free real-time port analyzers available for download, and the following is a brief description of each. If you are familiar and comfortable with using the Windows command structure, then you may want to try the command line utility Netstat, which displays protocol statistics and current TCP/IP connections. This utility and the process are covered later in this article.

But first:

CurrPorts (this is the port tool I use daily) allows you to view a list of ports that are currently in use, and the application (keep in mind that malware, for all practical purposes, is an application) that is using those ports. You can close a selected connection as well as terminate the process using it.

In addition, you can export all, or selected items, to an HTML or text report. Additional information includes the local port name, local/remote IP address, highlighted status changes and more.

Shown in this screen capture – Browser is not running. No remote connections. Looks like I’m safe.


Shown in this screen capture – Browser is running. Thirty remote connections, all of which are legitimate.


Fast Facts:

View current active ports and their starting applications

Close selected connections and processes

Save a text/ HTML report

Info on local port name, local/remote IP address, highlighted status changes

Download at: NirSoft (you’ll need to cursor down the page to the download link).

Next up:

Process and Port Analyzer is a real time process, port and network connections analyzer which will allow you to find which processes are using which ports. A good little utility that does what it says it will do.


Fast Facts:

View currently running processes along with the full path and file which started it

View the active TCP Listeners and the processes using them

View the active TCP and UDP connections along with Process ID

Double click on a process to view the list of DLL’s

Download at: http://sourceforge.net

Netstat:

Windows includes a command line utility which will help you determine if you have Spyware/Botware running on your system. Netstat displays protocol statistics and current TCP/IP connections.

I use this utility as a test, to ensure that the anti-malware tools and Firewall running on my systems are functioning correctly, and that there are no open outgoing connections to the Internet that I am not aware of.


How to use Netstat:

You should close all open programs before you begin the following process if you are unsure which ports/connections are normally open while you are connected to the Internet. On the other hand, if you are familiar with the ports/connections that are normally open, there is no need to close programs.

There are a number of methods that will take you to a command prompt, but the following works well.

Click Start > Run, type “cmd” (without the quotes), then click OK. This will open a command box.

In Windows 8 – type “cmd” at the Metro screen.

From the command prompt, type Netstat -a (be sure to leave a space) to display all connections and listening ports.

You can obtain additional information by using the following switches.

Type Netstat -r to display the contents of the IP routing table, and any persistent routes.

The -n switch tells Netstat not to convert addresses and port numbers to names, which speeds up execution.

The Netstat -s option shows all protocol statistics.

The Netstat -p option can be used to show statistics for a specific protocol or together with the -s option to show connections only for the protocol specified.

The -e switch displays interface statistics.

Running Netstat occasionally is a prudent move, since it allows you to double check which applications are connecting to the Internet.

If you find there are application connections to the Internet, or open ports, that you are unfamiliar with, a Google search should provide answers.
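One way to apply the advice above, as an added example that is not part of the original article: save `netstat -ano` output once with all programs closed and again during a browsing session, then list only what is new. The `-o` switch (owning process ID) is not covered in the article, and both captures below are constructed sample data.

```python
import ipaddress
from typing import List, NamedTuple, Tuple

# Ranges treated as "not the Internet": loopback, RFC 1918, link-local, ULA.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

# Constructed sample: capture taken with all programs closed.
BASELINE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1780
"""

# Constructed sample: capture taken later, during a browsing session.
CURRENT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:50001          0.0.0.0:0              LISTENING       6120
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     2210
  TCP    192.168.1.20:49712     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49733     203.0.113.45:443       ESTABLISHED     4312
  TCP    192.168.1.20:49740     198.51.100.7:8080      TIME_WAIT       0
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1780
  UDP    [fe80::1%12]:1900      *:*                                    2288
"""


class Conn(NamedTuple):
    proto: str
    local: str
    remote: str
    state: str  # empty for UDP rows, which have no State column
    pid: int


def split_endpoint(endpoint: str) -> Tuple[str, str]:
    """Split '1.2.3.4:80', '[::1]:80' or '*:*' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port  # drop brackets and zone id


def parse_netstat(text: str) -> List[Conn]:
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP" and parts[4].isdigit():
            conns.append(Conn(parts[0], parts[1], parts[2], parts[3], int(parts[4])))
        elif len(parts) == 4 and parts[0] == "UDP" and parts[3].isdigit():
            conns.append(Conn(parts[0], parts[1], parts[2], "", int(parts[3])))
        # anything else is a header or blank line
    return conns


def is_external(remote: str) -> bool:
    """True when the remote host is a routable address outside INTERNAL_NETS."""
    host, _ = split_endpoint(remote)
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # '*' on UDP rows, or a name when -n was not used
        return False
    return not addr.is_unspecified and not any(addr in n for n in INTERNAL_NETS)


def review(baseline: str, current: str) -> Tuple[List[Conn], List[Conn]]:
    """Return (new listeners, new established connections to external hosts)."""
    def listening(c): return c.state == "LISTENING" or c.proto == "UDP"
    def port_key(c): return (c.proto, split_endpoint(c.local)[1])
    base, cur = parse_netstat(baseline), parse_netstat(current)
    known_ports = {port_key(c) for c in base if listening(c)}
    known_remotes = {split_endpoint(c.remote) for c in base if c.state == "ESTABLISHED"}
    new_listeners = [c for c in cur if listening(c) and port_key(c) not in known_ports]
    new_outbound = [c for c in cur if c.state == "ESTABLISHED" and is_external(c.remote)
                    and split_endpoint(c.remote) not in known_remotes]
    return new_listeners, new_outbound


if __name__ == "__main__":
    listeners, outbound = review(BASELINE, CURRENT)
    for c in listeners:
        print(f"new listener : {c.proto} {c.local} (PID {c.pid})")
    for c in outbound:
        print(f"new outbound : {c.local} -> {c.remote} (PID {c.pid})")
```

The PIDs it reports can be matched to program names in Task Manager or in the port tools described earlier.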

Steve Gibson’s website, Shields Up, is a terrific source of information where you can test all the ports on your machine as well as testing the efficiency of your Firewall. I recommend that you take the Firewall test; you may be surprised at the results!


Filed under 64 Bit Software, Don't Get Hacked, downloads, Freeware, Internet Safety Tools, Malware Protection, Software, Utilities

Who’s Using Your Ports? Find Out With These Free Port Analyzers


As a savvy Internet user you are well armed when it comes to ensuring your system is not open to compromise, or exploitation, by malware.

You have protected your machine with an appropriate defense system including a Firewall (either software or hardware), sound and effective antimalware applications (including anti-virus and antispyware), anti-keylogger, and an additional protection layer against zero-day threats with the installation of an application such as ThreatFire.

But, you can take your existing defense system to another level by installing a small application which will provide you with the tools you need to analyze the activity on your ports.

There are a number of free real-time port analyzers available for download, and the following is a brief description of two such applications.

If you are familiar and comfortable with using the Windows command structure, then you may want to try the command line utility Netstat, which displays protocol statistics and current TCP/IP connections. This utility and the process are covered later in this article.

But first:

Process and Port Analyzer 2

Process and Port Analyzer 2 is a real time process, port, and network connections analyzer, which will allow you to find which processes are using which ports. A good little utility that does what it says it will do.


Quick Facts:

View currently running processes along with the full path and file which started it.

View the active TCP Listeners and the processes using them.

View the active TCP and UDP connections along with Process ID.

Double click on a process to view the list of DLL’s.

Download at: Download.com

CurrPorts

CurrPorts allows you to view a list of ports that are currently in use, and the application that is using it. You can close a selected connection and also terminate the process using it.

As well, you can export all, or selected items to an HTML or text report. Additional information includes the local port name, local/remote IP address, highlighted status changes and more.


Quick Facts:

View current active ports and their starting applications

Close selected connections and processes

Save a text/ HTML report

Info on local port name, local/remote IP address, highlighted status changes

Download at: Download.com

Netstat:

Windows includes a command line utility which can help you determine if you have Spyware/Botware running on your system. Netstat displays protocol statistics and current TCP/IP connections.

I use this utility as a test, to ensure that the anti-malware tools and Firewall running on my systems are functioning correctly, and that there are no open outgoing connections to the Internet that I am not aware of.


How to use Netstat:

You should close all open programs before you begin the following process, if you are unsure which ports/connections are normally open while you are connected to the Internet. On the other hand, if you are familiar with the ports/connections that are normally open, there is no need to close programs.

There are a number of methods that will take you to a command prompt, but the following works well.

Click Start > Run, type “cmd” (without the quotes), then click OK. This will open a command box.

From the command prompt, type Netstat -a (be sure to leave a space) to display all connections and listening ports.

You can obtain additional information by using the following switches.

Type netstat -r to display the contents of the IP routing table, and any persistent routes.

The -n switch tells Netstat not to convert addresses and port numbers to names, which speeds up execution.

The netstat -s option shows all protocol statistics.

The netstat -p option can be used to show statistics for a specific protocol or together with the -s option to show connections only for the protocol specified.

The -e switch displays interface statistics.

Running Netstat occasionally is a prudent move, since it allows you to double check which applications are connecting to the Internet.

If you find there are application connections to the Internet, or open ports, that you are unfamiliar with, a Google search should provide answers. A very good source of information is Steve Gibson’s website, Shields Up, where you can test all the ports on your machine, as well as testing the efficiency of your Firewall. Take the Firewall test; you may be surprised at the results!


Filed under Don't Get Hacked, downloads, Freeware, Geek Software and Tools, Network Tools, Software, System Security, Utilities, Windows Tips and Tools

PandaLabs Trojan Warning – FakeWindows.A, and UrlDistract.A

Courtesy of Panda Security: This week’s PandaLabs report looks at two new Trojans (FakeWindows.A, and UrlDistract.A), that try to trick users in order to steal their data.

FakeWindows.A is a Trojan that resembles a Windows XP activation process.


This malware can reach computers through email, or can be downloaded from a malicious Web page.

It tries to get users to believe that the operating system is requesting their data to activate the account.


In addition to personal data, the Trojan also requests bank details. On entering them, the program displays an error screen indicating it was impossible to connect to the server. Consequently, in addition to making data theft easier, users’ computers are blocked.

The UrlDistract.A Trojan reaches computers through emails with an icon that resembles a video. When run, the Trojan silently steals users’ information, while it distracts them by opening a YouTube video called “Little Superstar” where an actor dances to the music.


The Trojan then connects to an address in Atlanta, and sends all the data stolen from the computer.

More information about these and other malicious codes is available in the Panda Security Encyclopedia. You can also follow Panda Security’s online activity on its Twitter and PandaLabs blog.


Filed under Don't Get Scammed, Don't Get Hacked, internet scams, Internet Security Alerts, Malware Advisories, Online Safety, Panda Security, PandaLabs, trojans, Windows Tips and Tools, Windows XP

2 Free Port Checkers – CurrPorts and Process and Port Analyzer

If I was a malware writer, and some days I wonder why I’m not since it’s so easy, the most important function of the malware would be to “phone home”, with the information I had targeted to steal. There’s nothing unusual about this, since much of the malware currently infecting the Internet does just that.

So, keeping that in mind, when I have an issue on one of my home machines, and occasionally I do, the very first thing I check is the state of the ports on that machine. Actually, since I’m involved in Internet security, I monitor my open ports and Internet connections frequently throughout a browsing session.

At first glance you might think port checking is time consuming and not worth the effort. But it is worth the effort, and it’s not time consuming. More to the point, in my view, it is a critical component of the layered defense approach to Internet security that regular readers of this site are familiar with.

I don’t want to shatter any illusions for those of you who believe that the Internet is “free” but, when running a port checker, you might be unpleasantly surprised at the number of ad servers that hold open ports on your machine.

There are a number of free real-time port analyzers available for download, and the following is a brief description of each. If you are familiar and comfortable with using the Windows command structure, then you may want to try the command line utility Netstat, which displays protocol statistics and current TCP/IP connections. This utility and the process are covered later in this article.

But first:

Process and Port Analyzer is a real time process, port and network connections analyzer which will allow you to find which processes are using which ports. A good little utility that does what it says it will do.


Quick Facts:

View currently running processes along with the full path and file which started it

View the active TCP Listeners and the processes using them

View the active TCP and UDP connections along with Process ID

Double click on a process to view the list of DLL’s

Download at: Download.com

CurrPorts (this is the port tool I use daily), allows you to view a list of ports that are currently in use, and the application that is using it. You can close a selected connection and also terminate the process using it. As well, you can export all, or selected items to an HTML or text report. Additional information includes the local port name, local/remote IP address, highlighted status changes and more.


Quick Facts:

View current active ports and their starting applications

Close selected connections and processes

Save a text/ HTML report

Info on local port name, local/remote IP address, highlighted status changes

Download at: Download.com

Netstat:

Windows XP includes a command line utility which will help you determine if you have Spyware/Botware running on your system. Netstat displays protocol statistics and current TCP/IP connections.

I use this utility as a test, to ensure that the anti-malware tools and Firewall running on my systems are functioning correctly, and that there are no open outgoing connections to the Internet that I am not aware of.


How to use Netstat:

You should close all open programs before you begin the following process, if you are unsure which ports/connections are normally open while you are connected to the Internet. On the other hand, if you are familiar with the ports/connections that are normally open, there is no need to close programs.

There are a number of methods that will take you to a command prompt, but the following works well.

Click Start > Run, type “cmd” (without the quotes), then click OK. This will open a command box.

From the command prompt, type Netstat -a (be sure to leave a space) to display all connections and listening ports.

You can obtain additional information by using the following switches.

Type netstat -r to display the contents of the IP routing table, and any persistent routes.

The -n switch tells Netstat not to convert addresses and port numbers to names, which speeds up execution.

The netstat -s option shows all protocol statistics.

The netstat -p option can be used to show statistics for a specific protocol or together with the -s option to show connections only for the protocol specified.

The -e switch displays interface statistics.

Running Netstat occasionally is a prudent move, since it allows you to double check which applications are connecting to the Internet.

If you find there are application connections to the Internet, or open ports, that you are unfamiliar with, a Google search should provide answers.

Steve Gibson’s website, Shields Up, is a terrific source of information where you can test all the ports on your machine as well as testing the efficiency of your Firewall. I recommend that you take the Firewall test; you may be surprised at the results!


Filed under Anti-Malware Tools, Don't Get Hacked, downloads, Freeware, Geek Software and Tools, Interconnectivity, Internet Safety Tools, Software, System Utilities, Utilities, Windows 7, Windows Tips and Tools

Port Testing With Process And Port Analyzer, CurrPorts and Netstat

Each time that you connect to the Internet you are wandering through a raucous neighborhood which has a reputation for being jam-packed with predators.

These predators are intent on stealing your money and personal information, installing damaging programs on your computer, or misleading you with an online scam.

As a savvy Internet user you are, most likely, generally well armed when it comes to ensuring your system is not open to compromise, or exploitation, by malware in the wild.

It is probable you have protected your machine with an appropriate defense system including a firewall (either software or hardware), a sound and effective malware suite (including anti-virus and spyware), and an additional protection layer against zero-day threats with the installation of an application such as ThreatFire, a free application developed by PC Tools.

But you can take your existing defense system to another level by installing a small application which will provide you with the tools you need to analyze the activity on your ports.

There are a number of free real-time port analyzers available for download and the following is a brief description of each. If you are familiar and comfortable with using the Windows command structure, then you may want to try the command line utility Netstat, which displays protocol statistics and current TCP/IP connections. This utility and the process are covered later in this article.

But first:

Process and Port Analyzer is a real time process, port and network connections analyzer which will allow you to find which processes are using which ports. A good little utility that does what it says it will do.


Quick Facts:

View currently running processes along with the full path and file which started it

View the active TCP Listeners and the processes using them

View the active TCP and UDP connections along with Process ID

Double click on a process to view the list of DLL’s

Download at: Download.com

CurrPorts allows you to view a list of ports that are currently in use, and the application that is using it. You can close a selected connection and also terminate the process using it. As well, you can export all, or selected items to an HTML or text report. Additional information includes the local port name, local/remote IP address, highlighted status changes and more.


Quick Facts:

View current active ports and their starting applications

Close selected connections and processes

Save a text/ HTML report

Info on local port name, local/remote IP address, highlighted status changes

Download at: Download.com

Netstat:

Windows XP includes a command line utility which will help you determine if you have Spyware/Botware running on your system. Netstat displays protocol statistics and current TCP/IP connections.

I use this utility as a test, to ensure that the anti-malware tools and Firewall running on my systems are functioning correctly, and that there are no open outgoing connections to the Internet that I am not aware of.


How to use Netstat:

You should close all open programs before you begin the following process, if you are unsure which ports/connections are normally open while you are connected to the Internet. On the other hand, if you are familiar with the ports/connections that are normally open, there is no need to close programs.

There are a number of methods that will take you to a command prompt, but the following works well.

Click Start > Run, type “cmd” (without the quotes), then click OK. This will open a command box.

From the command prompt, type Netstat -a (be sure to leave a space) to display all connections and listening ports.

You can obtain additional information by using the following switches.

Type netstat -r to display the contents of the IP routing table, and any persistent routes.

The -n switch tells Netstat not to convert addresses and port numbers to names, which speeds up execution.

The netstat -s option shows all protocol statistics.

The netstat -p option can be used to show statistics for a specific protocol or together with the -s option to show connections only for the protocol specified.

The -e switch displays interface statistics.

Running Netstat occasionally is a prudent move, since it allows you to double check which applications are connecting to the Internet.

If you find there are application connections to the Internet, or open ports, that you are unfamiliar with, a Google search should provide answers. A very good source of information is Steve Gibson’s website, Shields Up, where you can test all the ports on your machine as well as testing the efficiency of your Firewall. Take the Firewall test; you may be surprised at the results!


Filed under Anti-Malware Tools, Don't Get Hacked, Freeware, Geek Software and Tools, Interconnectivity, Networking, Safe Surfing, Software, System Security, Utilities, Windows Tips and Tools

Replace Task Manager with Free System Explorer

Windows Task Manager falls far short of providing me with the information that I really need to monitor activity such as running tasks, processes, modules, system performance, open files, and particularly open Internet connections on my computer systems.

While there are a number of free tools available that, taken together, can provide information on any of the above, my preference has always been for an all-in-one application that provides me with all the information.

Recently, I came across just such a free application; one that gives me all that I need, and more, all in a small package. System Explorer not only monitors activity as described above but, with a right-click menu, also provides online information including virus checking for any process, driver or service, from VirusTotal or Jotti.


Since I am by nature a security freak when it comes to system security on the Internet, System Explorer’s ability to provide me with details on file and process via online databases, and automatic security checking of processes, modules and selected files, is a real bonus.

If you are the type of computer user whose comfort level demands full knowledge of your system’s operations then this neat little program shouldn’t disappoint.

For those users who like to carry diagnostic programs on a USB flash drive, a portable version is also available.


Fast facts:

Detailed information on Tasks, Processes, Modules, Startups, IE Add-ons, Uninstallers, Services, Drivers, Connections and Opened Files

Easy check of suspicious files via VirusTotal or Jotti

Easy search details on file/process via online databases

Security Extension for automatic check on processes, modules and selected files

Action History for monitoring processes activities

Performance graphs for monitoring usage of system resources

System Snapshots to monitor system changes

System Report builds rich text report on system

Multilanguage

Plugins Support

System Requirements: Windows XP, Vista

System Explorer is free for both personal and commercial use.

Download at: FileForum


Filed under Diagnostic Software, Freeware, Geek Software and Tools, Portable Applications, Security Rating Applications, Software, Spyware - Adware Protection, System Process Scanners, System Security, System Utilities, USB, Windows Tips and Tools

Another Layer of Internet Safety – Probe Your Ports

Each time that you connect to the Internet you are wandering through a raucous neighborhood which has a reputation for being jam-packed with predators. These predators are intent on stealing your money and personal information, installing damaging programs on your computer, or misleading you with an online scam.

As a savvy Internet user you are, most likely, generally well armed when it comes to ensuring your system is not open to compromise, or exploitation, by malware in the wild.

It is probable you have protected your machine with an appropriate defense system including a firewall (either software or hardware), a sound and effective malware suite (including anti-virus and spyware), and an additional protection layer against zero-day threats with the installation of an application such as ThreatFire 3, a free application developed by PC Tools.

But you can take your existing defense system to another level by installing a small application which will provide you with the tools you need to analyze the activity on your ports.

There are a number of free real-time port analyzers available for download and the following is a brief description of each. If you are familiar and comfortable with using the Windows command structure, then you may want to try the command line utility Netstat, which displays protocol statistics and current TCP/IP connections. This utility and the process are covered later in this article.

But first:

Process and Port Analyzer is a real time process, port and network connections analyzer which will allow you to find which processes are using which ports. A good little utility that does what it says it will do.

Quick Facts:

View currently running processes along with the full path and file which started it

View the active TCP Listeners and the processes using them

View the active TCP and UDP connections along with Process ID

Double click on a process to view the list of DLL’s

Download at: Download.com

CurrPorts allows you to view a list of ports that are currently in use, and the application that is using it. You can close a selected connection and also terminate the process using it. As well, you can export all, or selected items to an HTML or text report. Additional information includes the local port name, local/remote IP address, highlighted status changes and more.

Quick Facts:

View current active ports and their starting applications

Close selected connections and processes

Save a text/ HTML report

Info on local port name, local/remote IP address, highlighted status changes

Download at: Download.com

Netstat:

Windows XP includes a command line utility which will help you determine if you have Spyware/Botware running on your system. Netstat displays protocol statistics and current TCP/IP connections.

I use this utility as a test, to ensure that the anti-malware tools and Firewall running on my systems are functioning correctly, and that there are no open outgoing connections to the Internet that I am not aware of.

How to use Netstat:

You should close all open programs before you begin the following process, if you are unsure which ports/connections are normally open while you are connected to the Internet. On the other hand, if you are familiar with the ports/connections that are normally open, there is no need to close programs.

There are a number of methods that will take you to a command prompt, but the following works well.

Click Start > Run, type “cmd” (without the quotes), then click OK. This will open a command box.

From the command prompt, type Netstat -a (be sure to leave a space) to display all connections and listening ports.

You can obtain additional information by using the following switches.

Type netstat -r to display the contents of the IP routing table, and any persistent routes.

The -n switch tells Netstat not to convert addresses and port numbers to names, which speeds up execution.

The netstat -s option shows all protocol statistics.

The netstat -p option can be used to show statistics for a specific protocol or together with the -s option to show connections only for the protocol specified.

The -e switch displays interface statistics.

Running Netstat occasionally is a prudent move, since it allows you to double check which applications are connecting to the Internet.

If you find there are application connections to the Internet, or open ports, that you are unfamiliar with, a Google search should provide answers. A very good source of information is Steve Gibson’s website, Shields Up, where you can test all the ports on your machine as well as testing the efficiency of your Firewall. Take the Firewall test; you may be surprised at the results!


Filed under Anti-Malware Tools, Freeware, Geek Software and Tools, Interconnectivity, Internet Safety, Internet Safety Tools, Online Safety, Software, Spyware - Adware Protection, System Security, Utilities, Windows Tips and Tools