Check Whether You're Infected or Not by Netstat

Hi all users. This is a very simple method to check whether we're
infected by a RAT or something similar. The best thing is that we don't
need any external tool for this; we only need the built-in 'Task Manager'
to find out whether we have a problem. So let's get started.
PART 1 - Preparing Task Manager
Open Task Manager (Ctrl+Alt+Del). Go to the Processes tab and click View > Select Columns.

Check the top option, PID (Process Identifier).

Now, sort Task Manager by PID. This will make things easier to read in the next step.

PART 2 - Using Netstat to See Established Connections
Now you want to go into Start > Run > cmd > "netstat -ano". It should look similar to the picture below:
Only look for ESTABLISHED connections (a connection would be established
if it's a RAT or otherwise malicious), read the PID, and cross-check it in
Task Manager. Notice in my example that the only established connections
use the PID 424. Let's take a look at what that is:
As we can see, it's Firefox. Now let's say you notice that the PID belongs
to something like "svchost.exe". Open the file location by right-clicking
it and pressing Open File Location, and either scan it with VirusTotal or
check whether it's in its legitimate location (if it is svchost.exe and it
is in AppData or Program Files, then you may have a problem).
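
The same cross-check as a PowerShell script, added here as an example (it is not from the original post): it parses `netstat -ano`, resolves each ESTABLISHED connection's PID to its image name and path, and notes any svchost.exe running from outside the Windows system directories. It assumes English-language netstat output and an elevated prompt.

```powershell
# Added example: automates the netstat -ano / Task Manager cross-check.
# Assumes English-language netstat output (state column reads ESTABLISHED).
# Run elevated so the paths of system processes are readable.

# PID -> process record (image name and on-disk path), the same data
# Task Manager shows via the PID column and "Open File Location".
$procs = @{}
Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

# Directories where a genuine svchost.exe lives.
$legitDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

netstat -ano | ForEach-Object {
    # Line layout: TCP  <local>  <remote>  ESTABLISHED  <pid>
    if ($_ -match '^\s*TCP\s+(\S+)\s+(\S+)\s+ESTABLISHED\s+(\d+)\s*$') {
        $localEnd  = $Matches[1]
        $remoteEnd = $Matches[2]
        $procId    = [int]$Matches[3]   # $PID is reserved, so use another name

        $proc = $procs[$procId]
        $name = if ($proc) { $proc.Name } else { '<exited>' }
        $path = if ($proc) { $proc.ExecutablePath } else { $null }

        $note = ''
        if (-not $path) {
            $note = 'no image path (system process or not elevated), check manually'
        } elseif ($name -ieq 'svchost.exe' -and
                  $legitDirs -notcontains (Split-Path $path -Parent)) {
            $note = 'svchost.exe outside System32'
        }

        # SHA-256 of the image, for a hash lookup on VirusTotal.
        $hash = if ($path -and (Test-Path -LiteralPath $path)) {
            (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        } else { '' }

        [pscustomobject]@{
            PID = $procId; Name = $name; Local = $localEnd; Remote = $remoteEnd
            Path = $path; SHA256 = $hash; Note = $note
        }
    }
} | Sort-Object PID | Format-List
```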
Hope this helped some of you out and good luck
Credit : cobija & hackyer
Enjoy.......
Ref: http://www.egyhacks.net/2012/06/check-whether-youre-infected-or-not-by.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+Egyhacksnet+%28egyhacks.net%29