How to Detect Viruses installed on your PC | Security Learner's Blog

Wednesday, 19 March 2014

How to Detect Viruses installed on your PC

In this tutorial, I'll show you the easiest way of finding malicious applications installed on your PC that transfer data over the internet without you knowing it.

We'll use Task Manager and CMD for the purposes of this tutorial.

Part I: Customizing Task Manager.

1. To get started, open up Task Manager by right clicking your taskbar and selecting Task Manager, or just hit CTRL+ALT+DEL to get it open.
2. Once that is done, click the <Processes> tab of Task Manager, click View > Select Columns, and make sure that <Process Identifier(PID)> is ticked.
3. Now click the PID column so that all the processes are sorted by their PID. This step is not necessary, but it will make it easier for you to find processes using their IDs.

Part II: Using CMD.

Once you have done that right, we are going to use CMD to view established connections.

1. Start > Run > CMD
Or just type 'cmd' in the search bar if you are running Windows 7.

2. Once cmd is open, type:
netstat -ano
3. Now what we are interested in are only the connections with the state <ESTABLISHED>.
Pick them out and look for the PID right next to each one. There will be many connections in the <ESTABLISHED> state, and you will have to repeat the following steps for all of them.

Part III: The fun part

Now go back to Task Manager and look for the name of the process(es) that have the same PID(s) as the one(s) you found with the ESTABLISHED connection(s).

1. In image number 1 you can see a safe and trusted application known as Dropbox, so we are good. But in case you find a process which you do not know, or something like 'svchost.exe' that you cannot be sure about, right click the process and select <Open File Location>.
2. Now all you have to do is right click the file and scan it using your AV, or upload it to an online scanner such as VirusTotal.com and check if it's infected.
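
The PID matching from Parts II and III can also be scripted. The following is an added example, not part of the original post: it parses `netstat -ano` output and joins it by PID to `tasklist /FO CSV /NH` output. The embedded sample outputs are constructed, and the parser assumes English-language netstat output.

```python
import csv
import io
import subprocess
import sys

# Constructed sample of `netstat -ano` output (not from the original post).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:49712     198.51.100.7:443       ESTABLISHED     3120
  TCP    192.168.1.10:49733     203.0.113.25:8080      ESTABLISHED     5016
  TCP    [::1]:49750            [::1]:5357             ESTABLISHED     4
  UDP    0.0.0.0:5353           *:*                                    1504
"""
# Constructed sample of `tasklist /FO CSV /NH` output; PID 5016 is absent on purpose.
SAMPLE_TASKLIST = '''\
"System","4","Services","0","1,024 K"
"svchost.exe","884","Services","0","9,112 K"
"Dropbox.exe","3120","Console","1","85,300 K"
'''

def established(netstat_text):
    """Return (remote_address, pid) for each TCP row in state ESTABLISHED."""
    rows = []
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have 5 columns; UDP rows have no State column and are skipped.
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            rows.append((f[2], int(f[4])))
    return rows

def pid_names(tasklist_csv):
    """Map PID -> image name, the lookup done by eye in the Task Manager PID column."""
    reader = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0] for r in reader if len(r) >= 2}

def correlate(netstat_text, tasklist_csv):
    """Join connections to process names; mark PIDs that have no listed process."""
    names = pid_names(tasklist_csv)
    return [(pid, names.get(pid, "<no matching process>"), remote)
            for remote, pid in established(netstat_text)]

if __name__ == "__main__":
    ns, tl = SAMPLE_NETSTAT, SAMPLE_TASKLIST
    if sys.platform == "win32":  # on Windows, use live output instead of the samples
        ns = subprocess.check_output(["netstat", "-ano"], text=True, errors="replace")
        tl = subprocess.check_output(["tasklist", "/FO", "CSV", "/NH"], text=True, errors="replace")
    for pid, name, remote in correlate(ns, tl):
        print(f"{pid:>6}  {name:<24} {remote}")
```

The process name alone does not show whether a file is clean, so each listed process still goes through the <Open File Location> and scan steps above.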

--
That's all in this tutorial.
Hope you found it useful!

FIDA HUSSAIN

I am Fida Hussain, a computer student from Pakistan. Right from day one I was introduced to computers, I had a passion for Hacking and Information security. So, I started this blog in 2012 to share my views and ideas with the world.
