Who's There?

This is part of some remarks I've put together for friends
who are stuck with Windows. You should have read this first.

How do you know if you've been 'hacked' (actually the proper geek term is 'cracked', read here)? There are lots of details one could go into, but the fact you are reading this is probably the best sign. You've noticed your machine has become very slow. Your Internet connection is abysmally slow or you have seen bizarre things happen on your machine. If stuff like that is happening on a machine today, you can bet you have been attacked - and they won.

[TCPView screenshot]

One tool I find very useful for this sort of thing is called TCPView and is available from http://www.sysinternals.com/ntw2k/source/tcpview.shtml. This tool simply shows all the connections from your machine to the outside world. There are way more connections than you'd ever guess.

If you download TCPView and double click on it, you will see something like that at the left. Every second or so, the screen will refresh so you can get an idea of the network activity on your machine.

If you think your machine is not doing a thing and you see activity from TCPView - you've probably been cracked. Now there ARE legitimate reasons for your 'idle' machine to connect to other places in the world. XP and your virus scanner will check for updates every now and then, but that doesn't happen too much.

If you see connections from places you don't recognize and they continue to run, you can bet something's running on your machine you did not invite in. It's time for a scan with your virus scanner, Stinger or maybe even a complete re-install.
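The same check can be done without watching the screen. The sketch below is an added example, not part of the original page or of TCPView: it reads several snapshots of the built-in Windows command `netstat -ano` and reports remote addresses that stay connected and are not on a list you recognize. The snapshots, addresses and the KNOWN list are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed `netstat -ano` snapshots from an "idle" machine, a few seconds apart.
# Addresses are documentation ranges; 192.0.2.10 stands in for a known update server.
SNAPSHOTS = [
    """  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       948
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     612
  TCP    192.168.1.20:1045      203.0.113.50:8080      ESTABLISHED     1820
  TCP    192.168.1.20:1051      198.51.100.7:80        ESTABLISHED     1204""",
    """  TCP    192.168.1.20:1045      203.0.113.50:8080      ESTABLISHED     1820
  TCP    192.168.1.20:1051      198.51.100.7:80        TIME_WAIT       0
  TCP    192.168.1.20:1060      192.0.2.10:443         ESTABLISHED     1204""",
    """  TCP    192.168.1.20:1045      203.0.113.50:8080      ESTABLISHED     1820
  TCP    192.168.1.20:1060      192.0.2.10:443         ESTABLISHED     1204""",
]
KNOWN = {"192.0.2.10"}  # assumption: remote addresses you have already identified


def established(snapshot):
    """Return {(remote_ip, remote_port, pid)} for ESTABLISHED TCP rows."""
    found = set()
    for line in snapshot.splitlines():
        fields = line.split()
        # TCP rows have exactly: proto, local, foreign, state, pid.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, port = fields[2].rsplit(":", 1)
        ip = ipaddress.ip_address(host.strip("[]"))  # IPv6 is shown as [addr]:port
        if ip.is_loopback or ip.is_unspecified:
            continue  # traffic that never leaves this machine
        found.add((str(ip), int(port), int(fields[4])))
    return found


def persistent_unknown(snapshots, known, min_seen):
    """Connections present in at least min_seen snapshots to unrecognized hosts."""
    counts = Counter()
    for snap in snapshots:
        counts.update(established(snap))
    return sorted(c for c, n in counts.items() if n >= min_seen and c[0] not in known)


if __name__ == "__main__":
    for ip, port, pid in persistent_unknown(SNAPSHOTS, KNOWN, min_seen=3):
        print(f"{ip}:{port} stayed connected, owned by PID {pid}")
```

The PID in each reported row identifies the program holding the connection; match it against the PID column in Task Manager to see what is running.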


Copyright (c) 2004 Terry Gliedt. Direct comments or questions to tpg@hps.com.
Be sure to use a subject of 'Coping with Windows' or your Email will likely be tossed out by my SPAM filters.
Last Revision: Feb 14, 2005