s0rbit0l
New Member
I have somebody accessing my pc using wmiprvse.exe
They are using a moded version of this genuine windows file as a trojan.
I need to find out where that information is going to (It is keylogging and sending other information, I am pretty sure through outlook).
I need to find out (or use some sort of apps) to monitor what this file is doing, where it came from, and especially who it's talking too.
We used netstat but it hasn't helped us out much...
So please post some sort of port monitoring apps, some sort of app to see where the files information is going. Or even web sites with information on this kind of stuff. But anything will help us out at this point.
Thank you, Ryan Hanvey
They are using a moded version of this genuine windows file as a trojan.
I need to find out where that information is going to (It is keylogging and sending other information, I am pretty sure through outlook).
I need to find out (or use some sort of apps) to monitor what this file is doing, where it came from, and especially who it's talking too.
We used netstat but it hasn't helped us out much...
So please post some sort of port monitoring apps, some sort of app to see where the files information is going. Or even web sites with information on this kind of stuff. But anything will help us out at this point.
Thank you, Ryan Hanvey
