"Dharmesh" <Dharmesh@discussions.microsoft.com> wrote in message
> Hello friends, thankyou for your reply and also for helping me by giving
> links for the solution.
> 1 thing i would like to bring in to your notice is that.... its not
> of browsing net i got hacked....
Well, it's still in your area after all, it's your machine.
> When we are in to business there are many people who try to steal
> informations, and there are some nasty programmers out there, who knows
> to get unattended installation done. This kind of installations can be
> just by inserting a flash drive in to your computer and to get this
> installation done it takes hardly 2 or 3 minutes, or the installation be
> activated on a copy/paste command to or from the external storage
> Win Vista has some files called as winhost... than rundll32... which can
> cracked very easily... where a hacker can control your computer even
> you knowing it.
> Thats the main reason why i asked for a tool that can show softwares
> in stealth mode or if any files of windows has been cracked. as when a
> software runs in stealth mode, a user can not see it in program files or
> in task manager under process.... so how to catch this kind of installed
I gave you the tool called Process Explorer. It will allow you to look
inside of any running process and show what's running with the process the
hidden process, which malware or a rogue process can attach itself to and
execute with a legit process hosting it.
But that tool requires that you go look for yourself and know what you're
You can go to PE's Menu/View/Show Lower Pane/Show all DLL's and PE will show
you everything that running or hosted by a process when you click on a
process in the upper pane.
You can right click on a process in the upper pane and go to Properties and
PE will give you more information about a given process and what's running
with the process, like what directory the process is running out of and the
author of the process. You can also do the same thing in the lower pane as
You see, you have to be very aware of what you're looking at when looking
at DLL(s) and whatnot, because someone can make something look very legit
and you heve to question it if you suspect something.
Just about all programs that will be legit sort of speaking are when you can
find mention of those DLL(s)/ programs out on Google for the most part. If
you don't find something using Google, then you have to question what is it.
But that's not 100% using Google either, even if it looks legit, you still
have to question it.
About making something look very legit, take Svchost.exe or Dllhost32.exe, a
person/programmer can name something with those names, and the unspecting
user can miss something like that when it's running, easily.
However, those types of rogue programs will not be running out of the
Windows/System32 directory. They will be running from some other directory.
It's just an example of how slick someone can be if you're not aware of it.
There are other techniques of detection you can do yourself that's being
talked about in the link above.
> well i think its microsoft's responsibility to atleast give a tool to
> authorized users of their OS to find such spy softwares installed on your
> computer. and also to notify any unattended installation is getting done
> to your computer.
It's not going to happen. If you leave the machine unattended, not locked
down when you leave it with password protection, not use a strong password,
and you are Admin on the machine, left in this state, then anything can
It doesn't matter what O/S is being used, MS, Linux, Apple or whatnot, if
you're not doing the things needed to protect yourself.
You now know that this is an issue and you need to start changing your
mindset, because MS is not going to do it for you. It's your business and
your machine, it's not MS's.