Welcome to the Gabol Hacker Crew: Are you safe.?

Friday, November 5, 2010

Are you safe.?





In this post I am going to show you how to find out whether you are infected with a RAT or keylogger, without using any complex tools.

Now, I believe most of you know that a RAT or a keylogger needs an internet connection to work, which means that if you are not connected to the internet, you don't have to worry about being infected with a RAT or keylogger. For those who do have an internet connection and think they are infected with a Trojan, here is a short guide that can solve your problem.

1. Every program has its own process, which can be seen in Task Manager. So the first thing to do is find out which process the Trojan is attached to. If you see an unknown process, search for it on Google. A good hacker will always make sure to hide his process under the name of a Windows-based process, e.g. svchost.exe or something like that.

2. If you can't find it, the next thing you can do is use cmd (to open the command prompt, click Start ---> Accessories ---> Command Prompt).

3. Once Command Prompt is open, use this command: netstat -an | find /i "listening"
Note: The NETSTAT command will show you whatever ports are open or in use, but it is NOT a port scanning tool!

What does this command do? It shows all the open ports. Now check for any unknown port.

4. You can skip step 3 if you want and do this instead.

Open a command prompt and type
 netstat -b




This command will show you the active connections, the process each one belongs to with its PID (Process Identifier), and also the packets.
Look out for SYN packets and the foreign address it is connecting to; check the process it is associated with, and check the ports as well. If you find that it is connecting to some unknown ports, then you can say you have been backdoored.

5. Go to Task Manager. At the top, click View ---> Select Columns ---> tick PID (Process Identifier).
Match the suspicious process with the processes in Task Manager, checking the PID as well.
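
Steps 3 to 5 can be scripted. The following is an added example, not part of the original post: it parses output of `netstat -ano` (the -o flag adds the PID column) and `tasklist /fo csv /nh`, flags listeners outside an assumed set of expected ports and connections stuck in SYN_SENT, and names the owning process by PID. Both sample outputs, the expected-port set and the function names are constructed for this example.

```python
import csv, io
# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5110           0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:49712     203.0.113.45:8080      SYN_SENT        3120
  TCP    192.168.1.20:49720     198.51.100.7:443       ESTABLISHED     2044
  UDP    0.0.0.0:5353           *:*                                    1500
"""
# Constructed sample of `tasklist /fo csv /nh` output.
SAMPLE_TASKLIST = '''"System","4","Services","0","1,024 K"
"svchost.exe","884","Services","0","8,200 K"
"firefox.exe","2044","Console","1","310,000 K"
"svch0st.exe","3120","Console","1","4,100 K"
'''
EXPECTED_LISTENERS = {135, 445}  # assumption: ports this host is known to serve

def parse_netstat(text):
    """Return (proto, local, foreign, state, pid) for each TCP/UDP row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue                      # skip headers and blank lines
        if f[0] == "UDP":
            f.insert(3, "")               # UDP rows have no State column
        if len(f) == 5 and f[4].isdigit():
            rows.append((f[0], f[1], f[2], f[3], int(f[4])))
    return rows

def parse_tasklist(text):  # PID -> image name (CSV: name is field 0, PID field 1)
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) > 1}

def review(netstat_text, tasklist_text, expected=EXPECTED_LISTENERS):
    """Flag unexpected listeners and half-open outbound attempts, with owner."""
    names = parse_tasklist(tasklist_text)
    findings = []
    for proto, local, foreign, state, pid in parse_netstat(netstat_text):
        name = names.get(pid, "<unknown>")
        if state == "LISTENING" and int(local.rsplit(":", 1)[1]) not in expected:
            findings.append(("unexpected-listener", local, pid, name))
        elif state == "SYN_SENT":
            findings.append(("outbound-attempt", foreign, pid, name))
    return findings

if __name__ == "__main__":
    print(*review(SAMPLE_NETSTAT, SAMPLE_TASKLIST), sep="\n")
```

On a live machine, feed the two functions the text captured from the commands instead of the samples, and set the expected ports to what that host legitimately serves.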



Most RATs reside in startup. How do you delete them from startup?



a) Go to regedit ---> HKLM\Software\Microsoft\Windows\CurrentVersion\Run
On the right-hand side, check for the process name you found in step 4. If it's not there, check at
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

OR

Open a command prompt and type start msconfig. Go to the Startup tab; you can check the startup processes there.