Sunday, April 17, 2011

1. Open a command prompt and type netstat -b

 Tutorial   How to Know If You Are infected With RATs or Keyloggers

This command shows the active connections together with the process that owns each one, its PID (Process Identifier), and the packets.
Look out for SYN packets and the foreign address each connection is going to; check the process associated with it, and check the ports as well. If you find that it is connecting to some unknown ports, then you can say you have been backdoored.
2. Go to Task Manager. At the top, click View -> Select Columns -> tick PID (Process Identifier).
Match the suspicious process against the processes in Task Manager, checking the PID as well.
Most RATs reside in startup. How do you delete them from startup?
a) Go to regedit -> HKLM\Software\Microsoft\Windows\CurrentVersion\Run
On the right-hand side, check for the process name you found in step 4. If it is not there, check at
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
OR
Open a command prompt and type start msconfig. Go to the Startup tab; you can check the startup processes there.
Delete all unknown .exe processes.
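
The three checks above (connections, owning PID, Run keys) combined into one read-only PowerShell script, as an added example that is not part of the original post. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated prompt; the output column names are chosen here.

```powershell
# Added example: read-only triage that joins live TCP connections to their
# owning process and to the two Run keys named in the tutorial.
# Assumes Windows 8 / Server 2012 or later and an elevated prompt.

$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Autostart entries: one object per value under each Run key.
$autostart = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
}

# Connections with a remote peer (established or still in SYN_SENT), skipping loopback.
$report = Get-NetTCPConnection -State Established, SynSent -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $conn = $_
        $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        $path = $proc.Path   # empty for protected processes or when not elevated
        $entry = $null
        $sig = 'unknown'
        if ($path) {
            # Literal, case-insensitive match of the image path inside a Run-key command line.
            $entry = $autostart | Where-Object {
                $_.Command.IndexOf($path, [StringComparison]::OrdinalIgnoreCase) -ge 0
            } | Select-Object -First 1
            $sig = (Get-AuthenticodeSignature -FilePath $path).Status
        }
        [pscustomobject]@{
            State     = $conn.State
            Remote    = '{0}:{1}' -f $conn.RemoteAddress, $conn.RemotePort
            ProcessId = $conn.OwningProcess
            Process   = $proc.ProcessName
            Path      = $path
            RunEntry  = $entry.Name
            Signature = $sig
        }
    }

# Rows that both talk to a remote host and start from a Run key sort to the top.
$report | Sort-Object RunEntry -Descending | Format-Table -AutoSize -Wrap
$autostart | Format-List
```

A row with a RunEntry and a Signature other than Valid is the one to look at first; the script changes nothing on the system.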
