Re: Ports->Process on Win NT/2k

From: baba ali (
Date: 09/26/02

Date: 26 Sep 2002 13:59:08 -0000


I am reading a paper from security online related to detecting and
removing malicious code on Win2k. There is a reference to some tools that may
be the answer to your question. The article in question is from H
Carvey, "Detecting and removing Trojans and malicious code from Win2", and
you can find the tools on
Hope that helps.

>Date: Wed, 25 Sep 2002 11:54:33 +0530
>From: R Pradeep Chandran <>
>Organization: Siemens Information Systems Ltd.
>Subject: Ports->Process on Win NT/2k
>Hi All,
> Is there any utility which provides information on the owner(?)
>of a socket on Win NT/2k? What I want, is to find out which process has
>opened a socket on the machine. For example, if netstat shows that a
>process is listening on port 80, I should be able to use this utility
>and find out what that process is.
>Have a nice day,
>Keep me away from the wisdom which does not cry, the philosophy which
>does not laugh and the greatness which does not bow before children.
> -Kahlil Gibran, mystic, poet and artist (1883-1931)
>R Pradeep Chandran