Sunday 17 August 2014

Find viruses using Windows netstat feature


Sometimes people want to know whether they are infected by a RAT or something similar. We should have alternatives to third-party software for protecting our private data. This tutorial may help you keep such threats from making your system unstable!



Steps you have to perform
1. Open Task Manager (Ctrl+Alt+Del or Ctrl+Shift+Esc). Go to the Processes tab, click View in the menu bar, and click Select Columns.


2. Check the PID (Process Identifier) checkbox.



3. Now sort Task Manager by PID by clicking the PID column header. This will make things easier to read in the next step.


4. Open Command Prompt from the Start menu and enter the command "netstat -ano". It lists all connections and listening ports, with the PID of the process that owns each one.


Look only at the ESTABLISHED connections (the connection would be established if it's a RAT or other malware), read the PID, and cross-check it in Task Manager. Notice in my example that the only established connections use PID 424. Let's take a look at what that is:

As we can see, it's Firefox. Now let's say the PID maps to something like "svchost.exe". You should open the file location by right-clicking it and choosing Open File Location, then either scan the file with VirusTotal or check whether it is in its legitimate location (if it is svchost.exe and it is in AppData or Program Files, then you may have a problem).
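The same cross-check can be scripted. The Python below is an added example, not part of the original post: it parses `netstat -ano` output, keeps the ESTABLISHED rows, joins each PID to an executable path, and flags any svchost.exe outside `C:\Windows\System32` or `SysWOW64`, which is broader than the AppData/Program Files check above. The netstat text, the PID-to-path table and all names in it are constructed samples.

```python
import ntpath

# Constructed sample of `netstat -ano` output (documentation address ranges).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    192.0.2.10:49210       198.51.100.7:443       ESTABLISHED     424
  TCP    192.0.2.10:49533       203.0.113.50:8080      ESTABLISHED     3120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1108
"""

# Constructed PID -> executable path table, standing in for what
# "Open File Location" in Task Manager shows in the tutorial.
SAMPLE_PROCS = {
    424: r"C:\Program Files\Mozilla Firefox\firefox.exe",
    3120: r"C:\Users\demo\AppData\Roaming\svchost.exe",
    716: r"C:\Windows\System32\svchost.exe",
}

# Folders where the genuine svchost.exe lives (compared in lower case).
SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def established(netstat_text):
    """Yield (local, remote, pid) for each ESTABLISHED TCP row."""
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have 5 columns; UDP rows have no State column and are skipped.
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED" and f[4].isdigit():
            yield f[1], f[2], int(f[4])

def review(netstat_text, procs):
    """Join established connections to process paths and flag misplaced svchost.exe."""
    rows = []
    for local, remote, pid in established(netstat_text):
        path = procs.get(pid)  # None when the PID is not in the table (e.g. process exited)
        suspicious = False
        if path:
            folder, name = ntpath.split(path)
            suspicious = name.lower() == "svchost.exe" and folder.lower() not in SVCHOST_DIRS
        rows.append({"pid": pid, "remote": remote, "path": path, "suspicious": suspicious})
    return rows

if __name__ == "__main__":
    for r in review(SAMPLE_NETSTAT, SAMPLE_PROCS):
        print("CHECK" if r["suspicious"] else "ok   ", r["pid"], r["remote"], r["path"] or "(path unknown)")
```

A flagged row is only a prompt to inspect that file, as in the step above; an unflagged row still deserves a look at the remote address.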
