Here’s a quick command-line hack that you can run on your Windows boxes to see if there are any unsavory apps running in the background and making internet connections without your knowledge. Just run the following to trace applications which are opening sockets while you’re not using the machine:

  • Start->Run->cmd
  • netstat -b 5 >activity.txt (In XP, use -o instead of -b)
  • Wait a few minutes, then press Ctrl-C
  • type activity.txt | more (or open activity.txt in WordPad)

This will repeatedly run netstat every 5 seconds until you hit Ctrl-C, logging all active TCP/UDP connections (legitimate or otherwise) to the activity.txt file. The -b flag will also show the name of the binary .exe file that’s making the connection. In XP, the -o flag does something similar, showing the process ID.

If you see any connections being made that don’t look legit, either to strange IP addresses or by processes that look fishy, you can use Task Manager to kill the process, and then run your virus scanner / anti-malware software to clean things up.
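Reading a few minutes of 5-second snapshots by eye gets tedious, so here is an added example (not part of the original post) that collapses activity.txt into one line per process and foreign address, with a count of how many snapshots it appeared in. It assumes the English netstat layout shown in the constructed sample; the function names and the allowlist of known processes are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: two "netstat -b 5" snapshots, documentation-range addresses.
SAMPLE = """\
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.10:49730     198.51.100.23:8080     ESTABLISHED
  wuauserv
 [svchost.exe]
  TCP    192.168.1.10:49731     198.51.100.99:4444     SYN_SENT
 Can not obtain ownership information
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.10:49731     198.51.100.99:4444     ESTABLISHED
 Can not obtain ownership information
"""
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # -b prints the binary as "[name.exe]"

def summarize(text):
    """Count the snapshots in which each (owner, proto, foreign address) appears."""
    seen, pending = Counter(), None
    def flush(owner):
        nonlocal pending
        if pending:
            seen[(owner, *pending)] += 1
        pending = None
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] in ("TCP", "UDP"):
            flush("unknown")        # previous connection never got an owner line
            pending = (f[0], f[2])  # protocol, foreign address
            if len(f) > 3 and f[-1].isdigit():
                flush("pid " + f[-1])  # -o output: the PID is the last column
        elif (m := OWNER.match(line)):
            flush(m.group(1).lower())
    flush("unknown")
    return seen

def unexpected(seen, known_owners):
    """Entries whose owner is not in the caller's allowlist (hypothetical helper)."""
    return sorted((k, n) for k, n in seen.items() if k[0] not in known_owners)

if __name__ == "__main__":
    print(unexpected(summarize(SAMPLE), {"chrome.exe", "svchost.exe"}))
```

To run it on a real capture, pass the contents of activity.txt to `summarize()` instead of `SAMPLE`. Connections that netstat could not attribute are reported under the owner `unknown`.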