Hello Ferry, I know of a program called TFAK (trojan first aid kit) by Snakebyte which displays a list of running processes, even if they are hidden from the ctrl+alt+del dialog. TFAK can be downloaded from http://www.kryptocrew.de/snakebyte/tfak/TFAK5.zip I hope this program proves useful for you, in more ways than one.
Hamish Stanaway -= KoRe WoRkS =- Internet Security Owner/Operator http://www.koreworks.com New Zealand Is your box REALLY secure? >From: Ferry van Steen <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED] >Subject: Processes on Win98 >Date: Tue, 2 Jul 2002 09:36:33 +0100 >MIME-Version: 1.0 >Received: from [66.38.151.27] by hotmail.com (3.2) with ESMTP id >MHotMailBEECC3060076400432164226971BB1EB0; Wed, 03 Jul 2002 15:17:42 -0700 >Received: from lists.securityfocus.com (lists.securityfocus.com >[66.38.151.19])by outgoing.securityfocus.com (Postfix) with QMQPid >95F5AA3111; Wed, 3 Jul 2002 14:32:30 -0600 (MDT) >Received: (qmail 16935 invoked from network); 2 Jul 2002 07:27:14 -0000 >From security-basics-return-12683-koremeltdown Wed, 03 Jul 2002 15:18:32 >-0700 >Mailing-List: contact [EMAIL PROTECTED]; run by ezmlm >Precedence: bulk >List-Id: <security-basics.list-id.securityfocus.com> >List-Post: <mailto:[EMAIL PROTECTED]> >List-Help: <mailto:[EMAIL PROTECTED]> >List-Unsubscribe: <mailto:[EMAIL PROTECTED]> >List-Subscribe: <mailto:[EMAIL PROTECTED]> >Delivered-To: mailing list [EMAIL PROTECTED] >Delivered-To: moderator for [EMAIL PROTECTED] >Message-ID: <E1864EE7E43ED511AFCB00105ADCEC2604A7E8@IP_NTS02> >X-Mailer: Internet Mail Service (5.5.2653.19) > >Hey there, > >I was wondering, I never heared about seeing all processes on Win9x whilst >appearantly it's very easy to hide them for the Ctrl-Alt-Del window. For >example the distributed.net client which I assume most of you are familiar >with does not appear in the list. Are there any utilities out there to view >all the processes? If simple clients like distributed.net have to go >through >so little effort to hide it, it's probably heaven for trojans and stuff... >If at all possible an utility with an option to kill those processes would >be nice. > >Kind regards, > >Ferry van Steen >InfoPart Automatisering B.V. >Beeksestraat 24 >4841 GC Prinsenbeek >Phone: +31 (0)76 - 5 44 04 11 >Fax: +31 (0)76 - 5 41 83 51 >Mobile: +31 (0)6 - 28 46 47 45 >E-Mail (business): [EMAIL PROTECTED] >E-Mail (private): [EMAIL PROTECTED] >MSN Messenger: [EMAIL PROTECTED] >ICQ (UIN (seldom used)): 191458 > > > _________________________________________________________________ Join the world’s largest e-mail service with MSN Hotmail. http://www.hotmail.com
