HOWTO: check if malware is secretly connecting to the internet

Here’s a quick command-line hack that you can run on your Windows boxes to see if there are any unsavory apps running in the background and making internet connections without your knowledge. Just run the following to trace applications which are opening sockets while you’re not using the machine:

  • Start->Run->cmd
  • netstat -b 5 >activity.txt (In XP, use -o instead of -b)
  • Wait a few minutes, then press Ctrl-C
  • type activity.txt | more (or open activity.txt in wordpad)

This reruns netstat every 5 seconds until you hit Ctrl-C, logging all active TCP/UDP connections (legitimate or otherwise) to the activity.txt file. The -b flag also shows the name of the binary .exe file that's making the connection. In XP, the -o flag does something similar, showing the process ID. If you see any connections that don't look legit, either to strange IP addresses or by processes that look fishy, you can use Task Manager to kill the process, and then run your virus scanner / anti-malware software to clean things up.
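
A few minutes of 5-second samples is tedious to read by eye, so the following added example (not part of the original article) collapses activity.txt into one count per owner and remote endpoint, covering both the -b layout (binary name on the following line) and the -o layout (PID in the last column). The sample text, its addresses and its binary names are constructed, and the line layout is assumed to match English-language netstat output.

```python
import re
from collections import Counter

# Constructed sample: two 5-second samples as `netstat -b 5` would log them.
SAMPLE_B = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49712     203.0.113.25:443       ESTABLISHED
 [browser.exe]
  TCP    192.168.1.10:49720     198.51.100.7:8080      ESTABLISHED
  ExampleSvc
 [svchost.exe]
  TCP    127.0.0.1:49701        127.0.0.1:49702        ESTABLISHED
 [browser.exe]
  TCP    192.168.1.10:49733     198.51.100.99:6667     ESTABLISHED
 Can not obtain ownership information

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49712     203.0.113.25:443       ESTABLISHED
 [browser.exe]
"""
# Constructed sample of the -o layout (PID in the last column, no [binary] line).
SAMPLE_O = "  TCP    192.168.1.10:1045      198.51.100.99:6667     ESTABLISHED     1234\n"

OWNER = re.compile(r"^\[(.+)\]$")   # owner line such as "[svchost.exe]"
LOOPBACK = ("127.", "[::1]")        # local-only traffic is left out of the summary

def summarize(text):
    """Count the samples in which each (owner, remote endpoint) pair appears."""
    seen, pending = Counter(), None  # pending = (remote, fallback owner)
    def flush(owner=None):
        nonlocal pending
        if pending and not pending[0].startswith(LOOPBACK):
            seen[(owner or pending[1], pending[0])] += 1
        pending = None
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) >= 3 and parts[0] in ("TCP", "UDP"):
            flush()                  # previous row had no [binary] line
            pid = len(parts) >= 4 and parts[-1].isdigit()
            pending = (parts[2], f"pid {parts[-1]}" if pid else "unknown")
        elif (m := OWNER.match(raw.strip())) and pending:
            flush(m.group(1))
    flush()
    return seen
```

Pass the contents of activity.txt to `summarize()` and review the result with `.most_common()`; rows attributed to "unknown" are connections for which netstat could not name the owning binary.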
