
Symptoms of a trojan:


Unusual behaviour of the system is a mere indication of a Trojan attack!!!
• Programs starting and running without the initiation of the User.
• Opening or Closing of CD-ROM drawers
• Wallpaper, background, or screen saver settings changing by themselves
• Screen display flipping upside down
• Browser program opening strange or unexpected websites.

All the above actions seem like a ghost controlling your system!!!!
The actions clearly indicate that you are under Trojan attack!

Concept behind Detecting Trojans:

The first and foremost thing you have to do is to check the applications which are making network connections with other computers. One of those applications will be a process started by the Server Trojan.

METHOD 1:


Detecting trojans using the "netstat" command


An effective method to detect trojans is to use the “netstat” command.


Step 1: Go to Start > Run and type cmd (to open the command prompt).

Step 2: Go to the C drive and type netstat
It displays all the active connections.

Now type the command netstat -ano
It displays all the TCP/IP and UDP ports that are currently in use; the -o switch adds the PID of the owning process, which is needed in Step 5.

The trojan could be one of the ESTABLISHED connections, but not all ESTABLISHED connections are trojans.

Step 3: Open Task Manager.
(This can be done by right-clicking on the taskbar and choosing Start Task Manager.)

Step 4: Go to View --> Select Columns, check the process identifier (PID) and click OK.

Step 5: Cross-check the PIDs of the ESTABLISHED connections with the PIDs shown in Task Manager to find the name of the program or application running. For example, PID 5004 is TeamViewer.exe (as shown in the image).

Step 6: Whenever you find a suspicious program, copy the name and paste it in the search box of spywareguide.com
For example, one of the programs could be Backdoor.Alvgus.a.exe. Copy it and paste it in the search box of spywareguide.com
Click on it and it displays its properties.
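The cross-check in Steps 2 to 5 can be scripted. The following is an added example, not part of the original post: it parses saved output of netstat -ano and of tasklist /fo csv /nh, joins them on PID, and lists only ESTABLISHED TCP connections to other machines. The function names are hypothetical and both samples are constructed (documentation-range addresses, with PID 5004 as TeamViewer.exe taken from Step 5).

```python
import csv
import io
import ipaddress

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:49680        127.0.0.1:49681        ESTABLISHED     3120
  TCP    192.168.1.20:49712     203.0.113.45:443       ESTABLISHED     5004
  TCP    192.168.1.20:49801     198.51.100.7:6667      ESTABLISHED     4242
  TCP    [::1]:49690            [::1]:49691            ESTABLISHED     3120
  UDP    0.0.0.0:5353           *:*                                    1744
"""

# Constructed sample of `tasklist /fo csv /nh` output; PID 4242 is absent on purpose.
TASKLIST_SAMPLE = '''"svchost.exe","884","Services","0","9,120 K"
"chrome.exe","3120","Console","1","120,044 K"
"TeamViewer.exe","5004","Console","1","45,312 K"
'''


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}


def established_remote(netstat_text, pid_names):
    """List (pid, image, remote_ip, remote_port) for ESTABLISHED TCP
    connections whose remote end is another machine."""
    found = []
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have 5 columns; UDP rows lack a State column and are skipped.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue
        host, _, port = f[2].rpartition(":")
        addr = ipaddress.ip_address(host.strip("[]").split("%")[0])
        if addr.is_loopback:
            continue  # traffic between local processes, not a remote peer
        pid = int(f[4])
        found.append((pid, pid_names.get(pid, "<unknown>"), str(addr), int(port)))
    return found


if __name__ == "__main__":
    for row in established_remote(NETSTAT_SAMPLE, parse_tasklist(TASKLIST_SAMPLE)):
        print(*row)
```

A connection whose PID has no matching process name, like 4242 in the sample, deserves a closer look before anything else on the list.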


How To Kill A Program??


Well, you have identified a trojan. Now you have to kill it. You can kill the process using pskill.
You can download pskill from here.
Store the pskill.exe application on your C drive. You can then kill the particular process using the command C:\>pskill 5004 (5004 being the PID of the program).

METHOD 2: 


Detecting and removing Trojans Using  TCPView:


If you find it difficult to do all the above stuff, just go through this method.
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and the state of TCP connections. You can download it from here.
When you start TCPView it will enumerate all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions.
Endpoints that change state from one update to the next are highlighted in yellow;
those that are deleted are shown in red, and new endpoints are shown in green.
You can right-click on active connections and check the properties.

Once you get hold of the Trojan application, you can kill the active connection and the running process and then delete the physical application file.
This lets you recover from the Trojan attack.


How to prevent a Trojan Attack??


The key to preventing Trojans and backdoors from being installed on a system is not to install applications downloaded from the Internet or open email attachments from parties you don’t know.
Most commercial antivirus programs have Anti-Trojan capabilities as well as spyware detection and removal functionality.
These tools can automatically scan hard drives on startup to detect backdoor and Trojan programs before they can cause damage. It’s important to use commercial applications to clean a system.
Also use Malwarebytes Anti-Malware to protect your computer from all kinds of viruses and trojans. You can download it from here.

NOTE: Never ever download trojans and RATs from third party websites. Always use Trojans from their official websites only.

About the author: This is a guest post by ANUSHA MANNE who is interested in new technologies and wants to share knowledge with my blog readers. Usually writes articles related to latest technologies at Techie Talk


Hope you enjoyed the article. Feel free to leave your comments for further clarifications and doubts.

How To Secure Yourself From Trojan/Rat's

We can block websites in Windows by modifying the HOSTS file.

What is the HOSTS file?
One of the lesser known, but important, files included with Windows is the hosts file.
It's a simple text file without any file extension that was designed to map or override IP addresses before accessing a domain name server.
That is, when you enter a domain name (e.g. www.google.com), your browser searches for the IP address of www.google.com in your HOSTS file before searching for it on the DNS server.


Procedure:
Step 1) Open Notepad with admin rights as shown below.

Step 2) Go to File, click "Open", and navigate to C:\windows\system32\drivers\etc

Step 3) Change the file type filter in Notepad to "All Files".
        You will see the HOSTS file; open it.

Step 4) Add the following lines to the HOSTS file as shown in the figure.
        127.0.0.1  www.google.com
        127.0.0.1  google.com

Step 5) Save it and open your browser. Now type www.google.com
        It will not open.
        Cheers.
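To audit what a HOSTS file overrides, the entries can be parsed and listed. The following is an added example, not part of the original post: it reads hosts-format text, reports which names are pointed at loopback or 0.0.0.0, and shows that matching is exact, so the entry for google.com in Step 4 does not cover other subdomains. The function names are hypothetical, the sample text is constructed, and keeping the first mapping seen for a duplicate name is an assumption of this sketch.

```python
import ipaddress

# Constructed sample: comment lines plus the two entries from step 4.
HOSTS_SAMPLE = """\
# sample hosts file
#       127.0.0.1       localhost
127.0.0.1  www.google.com
 127.0.0.1    google.com     # inline comment
0.0.0.0  ads.example.test tracker.example.test
not-an-ip broken.example.test
"""


def parse_hosts(text):
    """Return {hostname: ip} for every well-formed mapping line."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # first field is not an IP address: skipped in this sketch
        for name in names:  # one line may map several names to the same address
            table.setdefault(name.lower(), ip)  # assumption: first mapping is kept
    return table


def resolve_override(table, hostname):
    """Exact, case-insensitive match only: the hosts file has no wildcards,
    so an entry for google.com does not cover mail.google.com."""
    return table.get(hostname.lower())


def blocked_names(table):
    """Names pointed at loopback or the unspecified address."""
    out = []
    for name, ip in table.items():
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            out.append(name)
    return sorted(out)


if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_SAMPLE)
    print("blocked:", blocked_names(hosts))
    print("mail.google.com override:", resolve_override(hosts, "mail.google.com"))
```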

Hope you enjoyed it. Comments encourage us in giving much more to you.

Have you ever thought of breaking into your friend’s password-protected computer to steal his confidential files? What if you forget the password of your computer? This article will answer all these questions.
In this article I am going to show you how you can hack a Windows password using the OPHCRACK LIVE CD.

What is OPHCRACK??

Ophcrack is a free open source program that cracks Windows passwords by using NTLM hashes through rainbow tables. By default, ophcrack is bundled with tables that allow it to crack passwords no longer than 14 characters using only alphanumeric characters. For more about rainbow tables, please visit this link.

Procedure to Hack:

Step 1: Download ophcrack live cd from here. 


Step 2: Make a bootable CD/DVD with the downloaded ISO file.
Follow these steps to create a bootable CD/DVD.
First download the ISO burner software from here. I selected this software because it needs no installation. You can use it just by double-clicking the file you downloaded.
Now put your blank CD in the CD drive.
When you double-click the isoburner software, it shows the following screen. You can locate the file by clicking on the “Open” option, and then click the Burn button.



Step 3: Put the CD/DVD in your CD drive.
Restart your computer and change your boot options to “boot from CD/DVD”.
You can do this by continuously pressing F12 or F10 while it is restarting. You may also use Del or Esc. This option varies from computer to computer.
Then follow the instructions shown. They are self-explanatory, so you can easily understand them. Once ophcrack loads completely, it will automatically get your Windows password.

Hope you enjoyed the article. If you have any doubts or suggestions, please leave your comments.

This Trick Is For Who Still Can't Activate Windows 8 !
   Now type these lines without the quotation marks.


   1.       “slmgr /upk”
   2.       Press enter then type this

   3.       “slmgr /ipk NG4HW-VH26C-733KW-K6F98-J8CK4”

   4.       Press enter then type this


   5.       “slmgr /skms lunar21.no-ip.org:80”
   6.       Press enter then type this


   7.       “slmgr.vbs –ato”



   When you’re done, restart your PC, and you have successfully activated your Windows 8 to be fully genuine.

   This trick is tested on Windows 8 Professional. Enjoy it.

Windows 8 Activation (Hacked)

- Copyright © 2013 Ðárk Ðémõñ - Powered by Ðárk Ðémõñ - Distributed By Deviil Dmc - Designed by Deviil Dmc