
Trace suspicious processes (history) /TCPview? or other tool ?

12 replies to this topic

#1 JohnnyBL

Posted 09 March 2014 - 07:48 PM

Hello people,

I have an interesting question I couldn't find the answer to yet.

I have downloaded TCPView. I can see the recent activities with the ports etc.

Is there a way I can see a history of those processes? I mean, if there was a suspicious process running, with the hacker's IP, 10 minutes ago, will it all be gone then? How will I be able to see whether any suspicious process was running?

If my question needs more clarifying, please feel free to ask me to do it.

Thank you very much in advance!

Johnny




#2 quietman7

Posted 09 March 2014 - 09:07 PM

You can save TCPView's output window to a file using the Save menu item. This will allow you to compare the information when running the utility at a later time.

These are tools to investigate running processes, programs that run at startup, services and gather additional information to identify them or resolve problems:

These tools will provide information about each process, CPU usage, file description and its location. Most of them are stand-alone apps in a zip file so no installation is necessary.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 JohnnyBL

Posted 09 March 2014 - 09:18 PM

Ok, thanks for your answer.

It is still not clear for me. I will clarify it:

I hope I can give a clear example by this:

Step 1: At 10.15 I have saved it from the menu (save TCPView's output window to a file using the Save menu item), then closed it. At that time I have a text file which is reporting what I had running at 10.15.
Step 2: At 11.00 some application or suspicious stuff ran, and shut down at 11.20 (it's not operating anymore).
Step 3: At 12.00 I am back at my PC. How can I trace that something ran on my system between 10.15 and 12.00?

I hope it was a clear question. I need a sort of history of processes throughout the time.

Thanks

#4 quietman7

Posted 09 March 2014 - 11:10 PM

Process History - How to use Process History
Process Monitor
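The question in #3 (what ran between 10.15 and 12.00 while no monitoring tool was open) is exactly what Windows process-creation auditing records in the Security event log. The PowerShell below is an added example, not from this thread or from the Process History or Process Monitor tools, and assumes "Audit Process Creation" was enabled before the window of interest:

```powershell
# Added example: list every process started in a time window, from Security log
# event 4688. Auditing must already be on when the process runs, e.g. (elevated):
#   auditpol /set /subcategory:"Process Creation" /success:enable
# The CommandLine field is only filled in if the policy "Include command line in
# process creation events" is also enabled.
param(
    [datetime]$Start = (Get-Date).Date.AddHours(10).AddMinutes(15),  # 10:15 today
    [datetime]$End   = (Get-Date).Date.AddHours(12)                   # 12:00 today
)

function Get-ProcessCreationHistory {
    param([datetime]$Start, [datetime]$End)

    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = $Start; EndTime = $End }
    # SilentlyContinue: Get-WinEvent reports "no events found" as an error
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Read the named EventData fields from the event XML instead of
        # scraping the localized message text.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            User        = "$($data.SubjectDomainName)\$($data.SubjectUserName)"
            Process     = $data.NewProcessName
            Parent      = $data.ParentProcessName   # empty before Windows 10
            CommandLine = $data.CommandLine         # empty unless cmdline auditing is on
        }
    }
}

$history = Get-ProcessCreationHistory -Start $Start -End $End
$history | Sort-Object Time | Format-Table -AutoSize

# Processes launched from user-writable folders are the first ones to review
$history | Where-Object { $_.Process -match '\\(Temp|AppData|Downloads)\\' } |
    Format-Table Time, User, Parent, Process -AutoSize

# Event 1102 inside the window means the Security log was cleared in between
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102; StartTime = $Start; EndTime = $End } `
    -ErrorAction SilentlyContinue | Format-Table TimeCreated, Message -AutoSize
```

Because these events are produced by the operating system's audit subsystem rather than by a user-mode program that can be closed, they also address the objection raised later in this thread that a monitoring tool could simply be shut down; clearing the log itself leaves event 1102 behind, which the last query checks for.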

#5 JohnnyBL

Posted 12 March 2014 - 11:38 AM

Thanks, although it is a program, which could be shut down by a hacker.



#6 quietman7

Posted 12 March 2014 - 11:55 AM

You're welcome.

#7 janstetka

Posted 28 March 2014 - 03:39 PM

Hi,

I'm the developer of Process History. Is it possible to get PH listed in your downloads section?

Cheers



#8 quietman7

Posted 28 March 2014 - 03:49 PM

Welcome to Bleeping Computer.

If you are an Authorized Company Representative, please read the information I have just sent via PM to your inbox.

Thanks
The BC Staff

#9 janstetka

Posted 14 June 2014 - 05:41 AM

Process History is now @ http://code.google.com/p/processhistory



#10 quietman7

Posted 14 June 2014 - 07:12 AM

Did you ever read the information I sent via PM to your inbox? It provides instructions on how to be recognized here as an Authorized Company Representative.

#11 janstetka

Posted 15 June 2014 - 05:31 AM

Yes I followed it up but never heard back.



#12 quietman7

Posted 15 June 2014 - 07:23 AM

I resent the info to your inbox again. I will follow up with Grinler to let him know to expect to hear from you.

#13 quietman7

Posted 18 June 2014 - 05:07 PM

janstetka,

Grinler said he never received your information. Please ensure you resend it so he can take the appropriate action.

Thanks