Find viruses using Windows netstat feature
Sometimes people want to know whether they are infected by a RAT or something similar. We should have some alternative to third-party software for protecting our private data. This tutorial may help you keep such threats from making your system unstable!
Steps you have to perform
1. Open Task Manager (Ctrl+Alt+Del or Ctrl+Shift+Esc). Go to the Processes tab, click View in the menu bar, then click Select Columns.
2. Check the PID (Process Identifier) checkbox.
3. Now sort Task Manager by PID by clicking the PID column name. This will make things easier to read in the next step.
4. Open Command Prompt from the Start menu and enter the command "netstat -ano". It displays all the processes that are listening on or have established a connection to the network.
Only look for ESTABLISHED connections (a RAT or other malicious program would show as established), then read the PID and cross-check it in Task Manager. Notice in my example that the only established connections use PID 424. Let's take a look at what that is:
As we can see, it's Firefox. Now let's say you notice the PID belongs to something like "svchost.exe". You should open the file location by right-clicking it and choosing Open File Location, then either scan the file with VirusTotal or check whether it is in its legitimate location (if it is svchost.exe and it is in AppData or Program Files, then you may have a problem).
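
The cross-check from step 4, written out as an added example in Python (not part of the original tutorial): it keeps only the ESTABLISHED rows of "netstat -ano" output and flags any svchost.exe whose file sits outside C:\Windows\System32 or C:\Windows\SysWOW64. The netstat text and the PID-to-path table are constructed samples, the function names are hypothetical, and a default Windows install on C: is assumed.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_OUTPUT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     424
  TCP    192.168.1.20:49733     198.51.100.7:8080      ESTABLISHED     3120
  TCP    [::1]:49670            [::1]:49671            ESTABLISHED     424
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Constructed PID -> file path table: what "Open File Location" would reveal.
PROCESS_PATHS = {
    424: r"C:\Program Files\Mozilla Firefox\firefox.exe",
    908: r"C:\Windows\System32\svchost.exe",
    3120: r"C:\Users\alice\AppData\Roaming\svchost.exe",
}

# Folders where the genuine svchost.exe lives (assumes Windows installed on C:).
SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def established_connections(text):
    """Yield (local, remote, pid) for every TCP row in state ESTABLISHED."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have 5 fields; UDP rows lack a state, headers do not match.
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "ESTABLISHED":
            yield fields[1], fields[2], int(fields[4])


def review(text, paths):
    """Cross-check the PID of each established connection against its file path."""
    findings = []
    for _local, remote, pid in established_connections(text):
        path = paths.get(pid)
        if path is None:
            verdict = "unknown PID, look it up in Task Manager"
        elif (ntpath.basename(path).lower() == "svchost.exe"
              and ntpath.dirname(path).lower() not in SVCHOST_DIRS):
            verdict = "svchost.exe outside its usual folder, scan the file"
        else:
            verdict = "not flagged"
        findings.append((pid, remote, path, verdict))
    return findings


if __name__ == "__main__":
    for pid, remote, path, verdict in review(NETSTAT_OUTPUT, PROCESS_PATHS):
        print(f"PID {pid:<5} -> {remote:<22} {path}  [{verdict}]")
```

A "not flagged" verdict only means the svchost.exe location rule did not match; the file can still be scanned as the tutorial describes.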