processes are located on your disk. If a "non-Microsoft" .exe file is located in the
C:\Windows or C:\Windows\System32 folder, then there is a high risk for a virus, spyware,
trojan or worm infection! Check it out!
From the Command Prompt, type: netstat -ano and press Enter. (In Windows 7, go to Start / Programs / Accessories / Command Prompt; or go to Start, type CMD, click CMD.exe, then type: netstat -ano and press Enter.)
You can then use Task Manager to identify the process that is associated with the PID.
By default, Task Manager does not display the PID that is associated with a process.
To display a PID in Task Manager, follow these steps: Press CTRL+ALT+DELETE, and then click Task Manager. In Task Manager, click the Process tab, click View, and then click Select Columns.
In the Select Columns dialog box, click to select the PID (Process Identifier) check box,
and then click OK. You see that the PID column has been added to the Process tab. You can
now locate the PID and the corresponding executable file that started the process in Task Manager.
If you have an established connection, it's possible you have been hacked!
In the CMD prompt you will see a list of active connections as shown below. The established state represents a fully established connection. Just make sure that the established connection is a true Microsoft .exe file.
Or in the CMD prompt check suspicious IP addresses by looking in the third column. The foreign address refers to the location of the connection destination.
You can search IP addresses at http://www.findip-address.com
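The same check, scripted, as an added example that is not part of the original post. It assumes Windows 8 or later (where Get-NetTCPConnection is available) and an elevated PowerShell session; the Review column is a name introduced here.

```powershell
# Added example: list ESTABLISHED TCP connections together with the owning
# process, its executable path and its Authenticode signer.
$connections = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' }   # skip loopback

$report = foreach ($c in $connections) {
    # Same PID that netstat -ano prints in its last column
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $path = $proc.Path      # can be empty for protected system processes
    $sig  = if ($path) { Get-AuthenticodeSignature -FilePath $path } else { $null }
    $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $msSigned = ($sig -and $sig.Status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation')

    [pscustomobject]@{
        PID            = $c.OwningProcess
        Process        = $proc.ProcessName
        Path           = $path
        ForeignAddress = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
        Signer         = $signer
        # The check described above: a file under C:\Windows that is not
        # validly signed by Microsoft gets flagged for a closer look.
        Review         = ($path -like "$env:SystemRoot\*") -and -not $msSigned
    }
}

$report | Sort-Object Review -Descending | Format-Table -AutoSize
```

A row with Review set to True is a lead to verify by hand (file location, signer, foreign address), not proof of infection. Rows with an empty Path are processes the session could not inspect.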
Active Connections Description:
http://www.icheckinu.com