Botnets - The killer web applications

www.syngress.com
198
Chapter 5 • Botnet Detection: Tools and Techniques
427_Botnet_05.qxd 1/9/07 9:59 AM Page 198


Figure 5.7 Results from Virus.org
Now that you've gathered the common system logs, it's time to take a snapshot of the system using free system utilities from Sysinternals (now part of Microsoft). First we run Process Explorer to see what processes are running. Once it is up, click the File menu and choose Save. Save the file on the USB memory stick in the folder you made for this system. Name the file using our naming convention, Computer Name yymmdd Procexp files.txt.

As Table 5.5 shows, we were able to find explanations for all but one process. Ten rows from the bottom you will see a process called iexplorer.exe. It has no description and no company name. Before we dig any deeper, we should finish taking the snapshot.
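The triage step the chapter describes, checking a saved Process Explorer list for an image with no description and no company name, can be scripted once the snapshot is on the USB stick. The following is an added example and not code from the book: it assumes Process Explorer's File > Save wrote a tab-separated file with the five columns of Table 5.5 (Process, PID, CPU, Description, Company Name), builds the chapter's file name convention, and flags every real image that carries neither a description nor a company. The snapshot text, the computer name and the PID given to iexplorer.exe are constructed for the example.

```python
"""Triage a saved Process Explorer snapshot for undocumented processes.

Added example, not the book's own code. Assumes Process Explorer's File > Save
produced a tab-separated file whose header matches the five columns used in
Table 5.5. Real save files reflect whatever columns were shown in the GUI, so
check the header before relying on the column names below.
"""
import csv
import io
from datetime import date

# Constructed sample in the shape of a Process Explorer save file. The
# iexplorer.exe row mirrors the anomaly the chapter points at: no description,
# no company name. Its PID is made up for the example.
SAMPLE_SNAPSHOT = """Process\tPID\tCPU\tDescription\tCompany Name
System Idle Process\t0\t93.36\t\t
smss.exe\t508\t\tWindows NT Session Manager\tMicrosoft Corp.
svchost.exe\t1180\t\tGeneric Host Process for Win32 Services\tMicrosoft Corp.
ccSetMgr.exe\t1496\t\tSymantec Settings Manager Service\tSymantec Corp.
iexplorer.exe\t2916\t\t\t
sqlservr.exe\t400\t\tSQL Server Windows NT\tMicrosoft Corp.
"""

# Pseudo-processes Process Explorer synthesises; they legitimately have no
# description or company and must not be reported as suspicious.
KNOWN_PSEUDO = {"System Idle Process", "System", "Interrupts", "DPCs"}


def snapshot_filename(computer_name, year, month, day):
    """Build the chapter's convention: 'Computer Name yymmdd Procexp files.txt'."""
    stamp = date(year, month, day).strftime("%y%m%d")
    return f"{computer_name} {stamp} Procexp files.txt"


def parse_snapshot(text):
    """Parse the tab-separated save file into one dict per process row."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t")
    return [dict(row) for row in reader]


def undocumented_processes(rows):
    """Return (process, pid) for each real image lacking both description and company."""
    flagged = []
    for row in rows:
        name = row["Process"].strip()
        if name in KNOWN_PSEUDO:
            continue
        if not row["Description"].strip() and not row["Company Name"].strip():
            flagged.append((name, row["PID"].strip()))
    return flagged


if __name__ == "__main__":
    # Constructed computer name; date matches the chapter's print date only by example.
    print(snapshot_filename("WS-LAB01", 2007, 1, 9))
    for name, pid in undocumented_processes(parse_snapshot(SAMPLE_SNAPSHOT)):
        print(f"no description/company: {name} (PID {pid})")
```

A blank description and company is a prompt to look closer, not proof of compromise: a legitimate in-house tool can also ship without version resources, so the flagged image path, hash and signature still have to be checked by hand, which is exactly what the chapter goes on to do.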


Table 5.5 Process Explorer Running Processes

Process              PID   CPU    Description                               Company Name
System Idle Process  0     93.36
Interrupts           n/a   1.56   Hardware Interrupts
DPCs                 n/a          Deferred Procedure Calls
System               4     0.39
smss.exe             508          Windows NT Session Manager                Microsoft Corp.
csrss.exe            620          Client Server Runtime Process             Microsoft Corp.
winlogon.exe         884          Windows NT Logon Application              Microsoft Corp.
services.exe         944          Services and Controller app               Microsoft Corp.
svchost.exe          1180         Generic Host Process for Win32 Services   Microsoft Corp.
wmiprvse.exe         3400         WMI                                       Microsoft Corp.
svchost.exe          1252         Generic Host Process for Win32 Services   Microsoft Corp.
svchost.exe          1312         Generic Host Process for Win32 Services   Microsoft Corp.
svchost.exe          1364         Generic Host Process for Win32 Services   Microsoft Corp.
svchost.exe          1408         Generic Host Process for Win32 Services   Microsoft Corp.
ccSetMgr.exe         1496         Symantec Settings Manager Service         Symantec Corp.
ccEvtMgr.exe         1536         Symantec Event Manager Service            Symantec Corp.
spoolsv.exe          1812         Spooler Sub System App                    Microsoft Corp.
msdtc.exe            1836         MS DTC console program                    Microsoft Corp.
DefWatch.exe         224          Virus Definition Daemon                   Symantec Corp.
svchost.exe          304          Generic Host Process for Win32 Services   Microsoft Corp.
cvd.exe              320                                                    Commvault Systems
sqlservr.exe         400          SQL Server Windows NT                     Microsoft Corp.
