Re: Hidden processes in windows



Hi Raja,

Rootkits can help do your job successfully.

Most rootkits typically hide files, processes, network connections,
blocks of memory or Windows Registry entries from other programs used
by system administrators to detect specially privileged accesses to
computer system resources. This is one of the features of Rootkits.

To detect hidden processes, you need to have Anti-Rootkits or third
party softwares which don't use system binaries or DLLs, EXEs to
execute. One such excellent tool is 'SysInternals' from Microsoft.
Other ones being tools available from Helix Forensics CD. And there
are more such tools.

More Info:

SysInternals: http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

Rootkits: http://www.rootkit.com/
http://en.wikipedia.org/wiki/Rootkit

Detect Hidden Processes in Windows:
http://www.raymond.cc/blog/archives/2008/05/27/detect-hidden-process-and-rootkit-with-deepmonitor/

Helix: http://distrowatch.com/table.php?distribution=helix

Hope this helps!

---
Nikhil Wagholikar
Practice Lead | Security Assessments & Digital Forensics
Network Intelligence India Pvt. Ltd. [NII Consulting]
Web: http://www.niiconsulting.com/
Comprehensive Information Security Training
http://www.iisecurity.in/courses/Training%20Calendar.html

On 27 May 2010 14:10, Raja <raja1.it.consultant@xxxxxxxxx> wrote:

Hi,

Is there anyone know about how to hide the processes and how to detect hidden processes in windows? The processes shouldn't showup in taskmanager and output of tasklist command.
FYI, hiding doesn't mean attaching a process to a legitimate process.

Thanks,
Raja


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



Relevant Pages

  • Re: No Defense Against Windows Rootkits?
    ... "Spyware bad guys started using rootkits ... the technology to defend a Windows system from these things is very poor. ... justification for "...emphasizing my point that open- or closed-source is ... in people running their accounts with local admin privs. ...
    (alt.computer.security)
  • Re: Hidden windows ports, files and services.
    ... Try using some tools that aren't affected by rootkits. ... Using the 'standard' tools like you have done will yeild little if no ... Hidden windows ports, files and services. ...
    (Security-Basics)
  • [Full-Disclosure] RKDetect - behaviour based rootkit detection utility
    ... Rkdetect is a little anomaly detection tool which can find services hidden by generic Windows rootkits like Hacker Defender. ...
    (Full-Disclosure)
  • Re: Microsoft Says Recovery from Malware Becoming Impossible
    ... The truth is that malware is 99.9 % a Windows problem. ... privileges but in Windows, especially "home" additions do. ... but we ARE talking about rootkits. ...
    (microsoft.public.security)
  • Re: RootKit Revealer Tool
    ... RootKits can get past Windows File Protection. ... : removing Malware don't apply. ... so normal scanning tools and detectors are unable to locate them. ...
    (microsoft.public.windowsxp.general)