Ask the Expert

How to determine if a common process has been hacked

When trying to ID some stealthy Trojan, how can I ensure that the hacker has not hacked part of a common process such as outlook.exe or iexplore.exe?


You could do an integrity check of those files. Using a program like Tripwire or just an MD5 calculator, you can get a fingerprint of the normal outlook.exe and iexplore.exe programs. Then, you can check to see if they have changed. If they have changed, it means you have either installed a patch or someone has altered them, possibly maliciously.


For more information on this topic, visit these other SearchSecurity.com resources:
Tech Tip: Inspect files and directories for unexpected changes
Tech Tip: Verify your data
Best Web Links: Securing your products and platforms


This was first published in July 2002
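
The baseline-then-compare check the answer describes, as an added example that is not part of the original column. It uses SHA-256 from Python's hashlib in place of the MD5 calculator mentioned (pass algo="md5" for that); the file contents, the temp directory and other.exe are constructed stand-ins.

```python
import hashlib
import json
import os
import tempfile

def fingerprint(path, algo="sha256", chunk=1 << 20):
    """Hash a file in chunks so large executables are not read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_baseline(paths, algo="sha256"):
    """Record fingerprints while the files are known to be good."""
    return {"algo": algo, "files": {p: fingerprint(p, algo) for p in paths}}

def verify(baseline):
    """Return {path: 'unchanged' | 'changed' | 'missing'} against the baseline."""
    report = {}
    for path, expected in baseline["files"].items():
        if not os.path.isfile(path):
            report[path] = "missing"
        elif fingerprint(path, baseline["algo"]) == expected:
            report[path] = "unchanged"
        else:
            # Either a patch was installed or the file was altered: check patch history.
            report[path] = "changed"
    return report

def demo():
    """Run the check on constructed stand-in files in a temp directory."""
    d = tempfile.mkdtemp()
    names = ["outlook.exe", "iexplore.exe", "other.exe"]  # other.exe is hypothetical
    paths = [os.path.join(d, n) for n in names]
    for p in paths:
        with open(p, "wb") as f:
            f.write(b"MZ" + os.path.basename(p).encode() * 100)
    # Assumption: in real use the baseline is kept off the monitored host.
    baseline = json.loads(json.dumps(build_baseline(paths)))
    with open(paths[1], "ab") as f:  # simulate an altered iexplore.exe
        f.write(b"\x90")
    os.remove(paths[2])              # simulate a removed file
    return {os.path.basename(p): s for p, s in verify(baseline).items()}

if __name__ == "__main__":
    print(demo())
```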
