Q

How to determine if a common process has been hacked

When trying to ID some stealthy Trojan, how can I ensure that the hacker has not hacked part of a common process such as outlook.exe or iexplore.exe?
You could do an integrity check of those files. Using a program like Tripwire or just an md5 calculator, you can get a fingerprint of the normal outlook.exe and iexplore.exe programs. Then, you can check to see if they have changed. If they have changed, it means you have either installed a patch or someone has altered them, possibly maliciously.
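The baseline-then-compare check described in the answer, as an added example that is not part of the original page. It uses SHA-256 in place of the md5 calculator the answer mentions; the file paths and the `baseline.json` name are assumptions.

```python
import hashlib
import json
from pathlib import Path


def fingerprint(path, chunk_size=1 << 20):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(paths, baseline_file):
    """Record digest and size for each file while the system is known-good."""
    baseline = {}
    for p in map(Path, paths):
        baseline[str(p)] = {"sha256": fingerprint(p), "size": p.stat().st_size}
    Path(baseline_file).write_text(json.dumps(baseline, indent=2))
    return baseline


def verify(baseline_file):
    """Compare current files against the baseline.

    Returns {path: status} where status is OK, MODIFIED or MISSING.
    MODIFIED means a patch or an alteration; reconcile it with patch records.
    """
    baseline = json.loads(Path(baseline_file).read_text())
    report = {}
    for path, recorded in baseline.items():
        if not Path(path).is_file():
            report[path] = "MISSING"
        elif fingerprint(path) != recorded["sha256"]:
            report[path] = "MODIFIED"
        else:
            report[path] = "OK"
    return report


if __name__ == "__main__":
    # Assumed install path for illustration; adjust to the system being checked.
    targets = [r"C:\Program Files\Internet Explorer\iexplore.exe"]
    build_baseline(targets, "baseline.json")
    print(verify("baseline.json"))
```

Keep the baseline file on read-only or offline media so that whoever alters a binary cannot also rewrite its recorded fingerprint. The check covers only the file on disk, not code injected into an already running process.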



This was first published in July 2002
