How to Check If You Are Targeted by Any RAT or Keylogger

Here I will show you how to find out if you are infected by a RAT or keylogger.
RATs and keyloggers are hacking tools used to spy on a computer or a mobile phone. This type of software is normally sent to the target computer inside an image or bundled with some other software. It then starts automatically whenever the computer starts, using a startup entry. If you suspect there is a keylogger or RAT on your system, this post shows how to find it and stop it from spying on or taking over your system.

HERE WE GO:

1. Every program has its own process, which can be seen in Task Manager. So the first thing to do is find out which process the Trojan is attached to. If you see an unknown process, search for it on Google. A good hacker will always make sure to hide the process behind a Windows process name, e.g. svchost.exe or something like that.

2. If you can't find it, the next thing you can do is use cmd (to open the command prompt, click Start ---> Accessories ---> Command Prompt).

3. Once Command Prompt is open, use this command: netstat -an | find /i "listening"

Note: The NETSTAT command will show you whatever ports are open or in use, but it is NOT a port scanning tool!

What does this command do? It shows all the open (listening) ports. Now check for any unknown port.

4. You can skip step 3 if you want and do this instead.

Open Command Prompt and type: netstat -b

This command shows the active connections together with the process that owns each one. (netstat -b needs a command prompt run as administrator; adding the -o switch, as in netstat -bo, also prints the PID (Process Identifier) of each connection.)

Look out for SYN packets and the foreign address each connection is going to, check the process it is associated with, and check the ports as well. If you find that it is connecting to some unknown ports, you can say you have been backdoored (hidden ports used to get administrative command of your system).

5. Go to Task Manager. At the top, click View ---> Select Columns ---> tick PID (Process Identifier).

Match each suspicious process with the processes in Task Manager, and check the PID as well. Make a list of the suspicious programs in Task Manager and find out whether each one is a keylogger or RAT. Then you have to stop them from starting at startup.

How do you delete them from startup? I have two methods here.
I) Go to regedit ---> HKLM\Software\Microsoft\Windows\CurrentVersion\Run
On the right-hand side, check for the process name you found in step 4. If it is not there, check:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

II) Open the command prompt and type: start msconfig. Go to the Startup tab, where you can check the startup processes.
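
Steps 3 to 5 and the two Run-key checks can also be done in one pass from PowerShell. The script below is an added example, not part of the original post; it assumes Windows 8 or later (for Get-NetTCPConnection) and an elevated prompt, and the output column names are made up for this example.

```powershell
# Added example: list TCP sockets with their owning process, signature status,
# and whether that executable is launched from one of the Run keys in the post.

# Autostart entries from the two Run keys named above.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autostart = foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        [pscustomobject]@{ Key = $key; Name = $name; Command = [string]$item.GetValue($name) }
    }
}

# Listening and established TCP sockets, joined to the owning process by PID.
$report = Get-NetTCPConnection -State Listen, Established -ErrorAction SilentlyContinue |
    ForEach-Object {
        $conn = $_
        $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
        $path = if ($proc) { $proc.Path } else { $null }
        $sig  = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'Unknown' }
        # True when a Run value's command line contains this executable's full path.
        $inRun = $false
        if ($path) {
            $inRun = [bool]($autostart | Where-Object {
                $_.Command.IndexOf($path, [StringComparison]::OrdinalIgnoreCase) -ge 0 })
        }
        [pscustomobject]@{
            State     = $conn.State
            Local     = "$($conn.LocalAddress):$($conn.LocalPort)"
            Remote    = "$($conn.RemoteAddress):$($conn.RemotePort)"
            ProcId    = $conn.OwningProcess
            Process   = if ($proc) { $proc.ProcessName } else { '?' }
            Path      = $path
            Signature = $sig
            InRunKey  = $inRun
        }
    }

# Review first: network-active processes that are not validly signed or that autostart.
# A hit is a lead to investigate, not proof of a RAT or keylogger.
$report | Where-Object { $_.Signature -ne 'Valid' -or $_.InRunKey } |
    Sort-Object Process, Local | Format-Table -AutoSize -Wrap

# Every Run-key entry, for the manual check described in method I.
$autostart | Format-Table -AutoSize -Wrap
```

A process named svchost.exe whose Path is outside the Windows system directory, or whose Signature is not Valid, is the disguise case mentioned in step 1.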

That's all. I hope this post helps you stay safe from RATs, keyloggers and other Trojans as well.
