ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!
Home
Upgrade
Credits
Help
Search
Awards
Achievements
 20675

[TUT] How to find infected files on your PC

by deverx - 02-25-2016 - 07:33 PM
#1
In this tutorial, I'll be showing you the easiest way of finding out malicious applications installed on your PC that transfer data using the internet without you knowing it.


As stated in the title, we'll be using TaskManager and CMD for the purposes of this tutorial.

[Image: EU1A3x6.png]
1. To get started, open up your TaskManager by right clicking your TaskBar and selecting TaskManager or just hit CTRL+ALT+DEL to get it open.


2. Once that is done, click the "Processes" tab of your TaskManager and click View -> Select Columns -> Make sure that "Process Identifier(PID)" is ticked.

[Image: So5iBIG.png]

3. Now click the PID column to make sure that all the processes are sorted in a specific order. This step is not necessary, but it will make it easier for you to detect processes using their IDs.
[Image: Iz3VtpJ.png]

[Image: pmv2ItE.png]
Once you've done that right, we're going to move on to part 2 of our tutorial, which is using CMD to view established connections.



Assuming you know how to open up CMD, I'm just going to rush through step 1.

1. Start -> Run -> CMD

OR
Just type in cmd in the searchbar if you're running a system powered by Windows7.

2. Once cmd is open, I want you to type in "netstat -ano".
Your result should be something like this:
[Image: 75xp0C4.png]

3. Now what we're interested in are only the connections with the state "ESTABLISHED".

Isolate them out and look for the PID right next to them. There will be many connections with "ESTABLISHED" state, you'll have to repeat the following steps for all of them.
[Image: 2U2fQNs.png]

This is the fun part. Now go back to the TaskManager and look for the name of the process(es) that has the same PID(s) as the one you found with the ESTABLISHED connection(s).
[Image: mSBPnZn.png]

In the above case, it's a safe and trusted application known as Dropbox, so I'm good. But incase you find a process which you do not know, if it's something like svchost.exe that you're sure is infected, right click the process and select "Open File Location".


Now all you have to do is right click the file and scan it using your AV or upload it to an online scanner such as VirusTotal.com and check if it's infected.
[Image: ycn4yyH.png]

It's as easy as that.
Hope you find this useful.
Hidden Content
You must register or login to view this content.

Reply
#2
Pretty cool, time to delete those roblox exploit rats :0
Jacked by Red @ https://pulses.xyz/
Reply
#3
(02-25-2016 - 08:30 PM)Graphics Wrote: Pretty cool, time to delete those roblox exploit rats :0
Yes lol, and should I use hide tags?
Reply
#4
(02-25-2016 - 08:38 PM)deverx Wrote:
(02-25-2016 - 08:30 PM)Graphics Wrote: Pretty cool, time to delete those roblox exploit rats :0
Yes lol, and should I use hide tags?

Nah, keep this one free
Jacked by Red @ https://pulses.xyz/
Reply
#5
Thanks for the guide.
[Image: hoMDRFm.gif]
Reply
#6
(02-25-2016 - 08:38 PM)Graphics Wrote:
(02-25-2016 - 08:38 PM)deverx Wrote:
(02-25-2016 - 08:30 PM)Graphics Wrote: Pretty cool, time to delete those roblox exploit rats :0
Yes lol, and should I use hide tags?

Nah, keep this one free
I used hide tags on a small bit.

(02-25-2016 - 08:43 PM)Gess Wrote: Thanks for the guide.
You're very welcome.
Reply
#7
Nice tutorial, will be using this.
Reply
#8
Nice tutorial! very helpful
Reply
#9
You're welcome @above!
Reply
#10
(03-02-2016 - 07:55 PM)deverx Wrote: You're welcome @above!

Why haven't you gotten the tutorial award?
Reply

Users browsing: 1 Guest(s)