Q

How to determine if a common process has been hacked

When trying to ID some stealthy Trojan, how can I ensure that the hacker has not hacked part of a common process such as outlook.exe or iexplore.exe?
You could do an integrity check of those files. Using a program like Tripwire or just an md5 calculator, you can get a fingerprint of the normal outlook.exe and iexplore.exe programs. Then, you can check to see if they have changed. If they have changed, it means you have either installed a patch or someone has altered them, possibly maliciously.


For more information on this topic, visit these other SearchSecurity.com resources:
Tech Tip: Inspect files and directories for unexpected changes
Tech Tip: Verify your data
Best Web Links: Securing your products and platforms


This was last published in July 2002

Dig Deeper on Network Device Management

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close