Thursday, May 26, 2016

How to Know If Your PC Is Under Attack or Infected with a RAT or Logger: PC Protection Tips


1. Open a command prompt and type netstat -b



This command shows the active connections together with the process behind each one, its PID (Process Identifier), and also the packets.
Look out for SYN packets and the foreign address each connection goes to, and check the associated process and the ports as well. If you find that it is connecting to some unknown ports, then you can say you have been backdoored.
2. Open Task Manager. In the menu at the top, click View -> Select Columns -> tick PID (Process Identifier).
Match the suspicious process against the processes in Task Manager, checking the PID as well.

Most RATs reside in startup. How do you delete them from startup?
a) Go to regedit -> HKLM\Software\Current version\Run
On the right-hand side, check for the process name you found in step 4. If it's not there, check at
HKCU\Software\Current Version\Run
OR
Open a command prompt and type start msconfig. Go to the Startup tab; you can check the startup processes there.

Delete all unknown .exe processes!
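
The checks above can be done in one pass from PowerShell. The script below is an added example, not part of the original post: it assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection), uses the full paths of the two Run keys, and its variable and column names are chosen for illustration.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# prompt so the executable path of every process can be read.

# Full paths of the per-machine and per-user Run keys.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'

# Collect every startup entry (value name and command line) from both keys.
$startup = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = [string]$item.GetValue($name)
        }
    }
}

# List non-loopback TCP connections that are established or still in SYN_SENT,
# resolve the owning PID to an executable, and note any Run entry launching it.
$report = Get-NetTCPConnection -State Established, SynSent -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $conn = $_
        $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        $path = $proc.Path
        $autostart = if ($path) {
            $startup | Where-Object {
                $_.Command.IndexOf($path, [System.StringComparison]::OrdinalIgnoreCase) -ge 0
            }
        }
        [pscustomobject]@{
            ProcessId     = $conn.OwningProcess
            Process       = $proc.ProcessName
            Path          = $path
            State         = $conn.State
            RemoteAddress = $conn.RemoteAddress
            RemotePort    = $conn.RemotePort
            RunEntry      = ($autostart.Name -join ', ')
        }
    }

# Connections first, then the full startup list for manual review.
$report  | Sort-Object ProcessId | Format-Table -AutoSize -Wrap
$startup | Format-Table -AutoSize -Wrap
```

A row with a RunEntry value and an unfamiliar remote address or port is the process to examine first. The path match misses startup entries written with short (8.3) paths or launched through another program, so the full startup list is printed as well.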
