ThreatCheck released

Callender

Quote:

What does ThreatCHECK do?

ThreatCHECK monitors what IP addresses your computer is talking to by repeatedly running the ‘netstat’ command utility for a fixed period of time. This is a totally passive action that has no effect on communications to or from the computer.

When the time period is over, the ‘View full report’ option uploads the data to ThreatSTOP’s website where we cross correlate it with our database to find out if we know anything about the IP addresses your computer has been talking to.

Note: To access full reports your email address is required. You can use a disposable email address.

If you use your personal email address expect to receive marketing emails offering to sell you their realtime ip reputation and blocking service - named ThreatStop.

The download is a single executable - no installation required. Run the executable to access the GUI:

ThreatCHECK Tests.jpg

The short test takes 15 minutes to complete. The other tests will take longer. You can specify the amount of time to test via the command line:

threatcheck.exe /t N

where N is the number of minutes.

I ran ThreatCheck for 4 minutes:

ThreatCheck specify time.jpg

Results: (via email link)

ThreatCHECK Results.jpg

Checking the ip address results on VirusTotal:

https://www.virustotal.com/en/ip-address/198.101.228.146/information/

Ironically it resolves to olark dot com and appears to have been triggered by ThreatCheck's "Talk to an analyst" button.

Detection.jpg

Running another utility - CrowdInspect reveals the following:

CrowdInspect 1.0.0.1 .jpg

In this case it's nothing to worry about.

ThreatCheck could be a useful tool if you think you've got problems!

ThreatCheck FAQ

ThreatCheck Download
 

Chris, I think I gathered that is your name, mate. I have just answered an old post and I maybe would have advised the OP to use this, as she opened a suspect email. Would this have picked that up? My, and possibly others', only concern would be that one has to send what our machines have been viewing and it might be embarrassing for some, I suppose - or have I got it wrong?
 

ThreatCheck usage

You got the name right!

Anyway the suggested way to use the program is to leave the machine switched on overnight when it's not being used and let the connections get monitored for the whole night to see if it picks up any suspicious activity.

So regardless of malware being present and undetected - the results should show if any data was possibly sent to suspicious ip addresses at any time.

The downside is that it requires email registration.

No personal user data is sent - it only monitors the ip addresses that a machine connects to and checks them against databases of those that are known to be malicious or suspicious.

For removal of any potential malware the usual methods are needed.

So to sum up - ThreatCheck checks for suspicious connections even though the onboard AV might report that the machine is clean. (Maybe it's missed something)
 

OK Chris, well, I got the name from one of the attachments, can't see it now, but anyway what you have described looks pretty good to me, and as for divulging one's email address, well, it isn't going to work if one doesn't, eh? :)
Mate, I like it, and when I get the chance I shall try it out on one of my desktops at home - on my laptop for most of the time cos I am living away - and like I said I might even refer that poster to your site, because it involved someone asking her to change her passwords and yep, she did :rolleyes: and now has this problem of it being there all the time. I have advised her on a few things to do and am waiting for a reply now.
 

I tried it out. It refuses to let me use a Hotmail address for some reason. Says the address contains "reserved words."

Seems like a good idea otherwise.
 

Email attachments?

I know that Windows 7 will allow users to open email attachments even if they haven't been scanned. Luckily this behaviour can be changed.

Learn how to set Windows 7 to notify antivirus programs when it opens an attachment.

If it was a link in an email that was clicked on then it's down to onboard security. Personally I use an add on to check suspicious links contained in emails. Even if they're clean I copy them into my browser rather than clicking on them!
 

Reserved words?

That's odd! If your email address contains special characters, spaces or underscores I suppose that it could cause the problem when registering. Personally I use disposable email addresses when signing up for this type of thing.
 

Yeah. My Hotmail address is my disposable one, and it has no special characters, but it won't let me use it. It's weird. I would have liked to have seen the results. There were a couple of anomalies...
 

Hotmail issues?

It's strange that they don't accept Hotmail. You could just copy the IP addresses to your clipboard and check them yourself. If you modify the VT link in the first post you can just copy and paste the IP address into it.
 

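The approach discussed in this thread (polling netstat over a period, then checking the remote addresses yourself on VirusTotal), as an added example that is not ThreatCHECK's code or part of any post: it parses saved `netstat -n` snapshots, keeps only public remote addresses, and builds lookup URLs from the link pattern in the first post. The snapshot text is constructed sample data, and the names `remote_ips` and `summarize` are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample: two `netstat -n` snapshots in Windows layout (not real captures).
SNAPSHOTS = [
    """Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:49712     198.101.228.146:443    ESTABLISHED
  TCP    192.168.1.20:49720     192.168.1.1:80         TIME_WAIT
  TCP    [::1]:49700            [::1]:5354             ESTABLISHED
""",
    """Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:49712     198.101.228.146:443    ESTABLISHED
  TCP    192.168.1.20:49755     8.8.8.8:443            SYN_SENT
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  UDP    0.0.0.0:5353           *:*
""",
]

VT_URL = "https://www.virustotal.com/en/ip-address/{}/information/"  # pattern from the first post


def remote_ips(snapshot):
    """Return the set of globally routable foreign addresses in one snapshot."""
    found = set()
    for line in snapshot.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        # Drop the port, IPv6 brackets and any %zone suffix.
        host = fields[2].rsplit(":", 1)[0].strip("[]").split("%")[0]
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            continue  # "*" on UDP rows, or a resolved hostname
        if addr.is_global:  # filters loopback, LAN and 0.0.0.0 listeners
            found.add(str(addr))
    return found


def summarize(snapshots):
    """List (ip, snapshots_seen_in, lookup_url), most persistent address first."""
    seen = Counter(ip for snap in snapshots for ip in remote_ips(snap))
    return [(ip, n, VT_URL.format(ip)) for ip, n in seen.most_common()]


if __name__ == "__main__":
    for ip, n, url in summarize(SNAPSHOTS):
        print(f"{ip}\tseen in {n} snapshot(s)\t{url}")
```

An address that shows up in many snapshots while the machine is idle is the one worth looking up first; a single hit during normal browsing is usually just a website or its chat widget, as in the olark case from the first post.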