My last post was about looking for basic signs of malware infections: 6 Signs Of Malware Infections
That post was a short introduction to how to tell whether a virus or another kind of malware is on your computer.
Now, we are going to use utilities to look for that creepy software.
I am sure that many of you are thinking: why do I need to know all of this stuff if I have an antivirus?
The answer is pretty simple: many times these applications cannot remove the virus, so it is very useful to know other ways to get rid of infections.
We are going to use free utilities that exist in the operating system and can reveal whether any undesired program is on your computer.
Netstat
I have written about this utility before in some articles. Netstat is a very powerful tool when it comes to finding out why the machine is experiencing strange behaviour.
To use it, you need to run the command prompt as an administrator: Click the Start button, click Accessories, right-click Command Prompt, and click Run as administrator.
Use the command netstat -b to show the current open connections and the process that is creating each connection; if you see any suspicious processes, use Google to find out whether they are dangerous.
What is a suspicious program? This is a very complicated question, but on Google you can find information about any process, so use it to help you.
Here is the list that appears when Internet Explorer contacts MSN.com:
You can use netstat -a | findstr "LISTENING" to display the listening TCP ports:
For UDP ports type netstat -a | findstr "UDP":
To find out which processes are opening ports, use netstat -ab. A port is opened by a program that is waiting for information from the network. Much malware, for example trojans, uses this technique to communicate with the person who wants to control your computer.
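Because netstat -ab prints the owning program on the line after each connection, filtering it with findstr "LISTENING" drops the process names. The Python script below is an added example, not part of the original post: it pairs every listening TCP port and bound UDP port with its owner. It assumes output from netstat -abn (the -n flag keeps ports numeric), and the sample text, including the program name updater32.exe, is constructed.

```python
import re

# Constructed sample of `netstat -abn` output (not captured from a real machine).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING
 [updater32.exe]
  TCP    192.168.1.10:49712     203.0.113.5:80         ESTABLISHED
 [iexplore.exe]
  UDP    0.0.0.0:5355           *:*
  Dnscache
 [svchost.exe]
  TCP    [::]:135               [::]:0                 LISTENING
  RpcSs
 [svchost.exe]
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def open_ports(text):
    """Return listening TCP and bound UDP ports with the owner netstat -b reports."""
    entries = []
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            proto, local, _remote, state = row.groups()
            entries.append({"proto": proto, "port": int(local.rsplit(":", 1)[1]),
                            "state": state or "", "service": None, "process": "unknown"})
        elif entries and line.strip():
            owner = OWNER.match(line)
            if owner:                        # "[program.exe]" line
                entries[-1]["process"] = owner.group(1)
            elif "ownership" not in line:    # service/component hosted by the process
                entries[-1]["service"] = line.strip()
    return [e for e in entries if e["state"] == "LISTENING" or e["proto"] == "UDP"]

if __name__ == "__main__":
    for e in open_ports(SAMPLE):
        print(f'{e["proto"]:<5}{e["port"]:<7}{e["process"]:<18}{e["service"] or ""}')
```

To use it on a real machine, save the output of netstat -abn from an administrator command prompt to a file and pass the file's contents to open_ports. Entries shown as "unknown" are ports whose owner netstat could not read.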
System Configuration
As many of you know, System Configuration is a utility that can be used to see exactly what is loaded at startup. It is not an advanced utility, but it is a free one.
To open it, press WinKey + R, type msconfig and press Enter.
Go to the Services Tab:
If you click on Hide all Microsoft Services, the list will not show the services that are from Microsoft. In this case I am using a new computer, so there is nothing from a different manufacturer. As the majority of services on your computer are from Microsoft, with this option enabled it is easier to find out whether some unexpected software is running on your computer.
If you go to the Startup tab, there is a list of the applications that the operating system will load when the computer starts up. If you see something strange you can clear its check box and it will be disabled.
Windows Task Manager
This is another classic one. To use it, press WinKey + R, type taskmgr and press Enter (or press Ctrl+Shift+Esc).
If you go to the Processes tab, the following window appears:
Check Show processes from all users to see a full list:
You can use Google to look for what each process is doing.
One of the problems with this utility is that you cannot see the command line used to create a process. For example, you cannot tell the differences between svchost instances.
I hope these tools help you with your investigation to check whether your PC is infected with a virus.