Symbianize





13th May 2011 Fri, 03:06
silentcuteb0y14
Find out if you are infected

First credit to rukas of HF



Ever download something new? And you're so excited about it, and you just run the setup.exe, or the program itself? Realizing afterward that you didn't check it first with novirusthanks.org?

Well here's a few things to do:


--Open up Task Manager,
--Click the "Processes" tab
--Then "View" > "Select Columns"
--Then click the box that says PID (Process Identifier)
--Now click start, run, and type "CMD"
--Then type "netstat -b"
(Shows the active connections with their PID)
--Then type "netstat -an |find /i "listening""
(Shows open Ports, look for a matching port from the two commands, and take note of the process)

An Example would be as follows: netstat -b command




----------------------------------------------------------------------
Active Connections

Proto Local Address Foreign Address State PID

TCP xpwindows7:PORT Localhost:PORT Established 2560
[firefox.exe]
----------------------------------------------------------------------

An Example Of: netstat -an |find /i "listening"

----------------------------------------------------------------------
C:\Documents and Settings\User>netstat -an |find /i "listening"
TCP x.x.x.x:PORT x.x.x.x:PORT Listening
TCP x.x.x.x:PORT x.x.x.x:PORT Listening
TCP x.x.x.x:PORT x.x.x.x:PORT Listening
TCP x.x.x.x:PORT x.x.x.x:PORT Listening
----------------------------------------------------------------------

These Commands tell you in the most basic form if you have an unidentified process connecting to a foreign address.

If you notice that something IS connecting out, take note of the process, Foreign Address, and PID. Match the PID with the PID under Task Manager, and end that process.

You can also manually look for it in start up. This is where most Viruses like to hide.

Step 1
-------
What you're going to do in these next steps is look for that process that you noticed was "Abnormal" or connecting out.

Click Start, RUN, and type regedit. There are two places you can check for that specific process.

Here--HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Look on the right side for the process you identified earlier as UNKNOWN. If you do not find it there, check,

Here--HKCU\Software\Microsoft\Windows\CurrentVersion\Run

If you still don't find it, Click Start, Run, Type msconfig, and click the START UP tab.
Scroll down the list of items, and look for the process. If you find it, uncheck the box and apply.

Once you delete it from start up, I would recommend scanning your computer with MalwareBytes or SUPERAntiSpyware. This will clean up any and all remaining files that were associated with the virus.






Last edited by silentcuteb0y14; 13th May 2011 Fri at 05:23..
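The PID matching described in the post can also be done by script; this is an added example, not part of the original post. It assumes the text comes from `netstat -ano` (the `-o` switch adds the PID column) and `tasklist /fo csv /nh`; the sample outputs are constructed and the function names are hypothetical.

```python
import csv
import io
import ipaddress

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT = """Active Connections
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED     2560
  TCP    [::1]:49700            [::1]:49701            ESTABLISHED     2560
  TCP    192.168.1.10:49800     198.51.100.23:4444     ESTABLISHED     3912
  UDP    0.0.0.0:5353           *:*                                    1200
"""
# Constructed sample of `tasklist /fo csv /nh` output; PID 3912 is absent.
TASKLIST = '''"firefox.exe","2560","Console","1","150,000 K"
"svchost.exe","884","Services","0","8,000 K"
'''

def host_of(endpoint):
    """Host part of 'host:port'; handles '[v6]:port' and scoped v6."""
    return endpoint.rsplit(":", 1)[0].strip("[]").split("%")[0]

def parse_netstat(text):
    """Yield (local, foreign, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State
        yield f[1], f[2], state, int(f[-1])

def process_names(text):
    """Map PID -> image name from tasklist CSV rows."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) > 1 and r[1].isdigit()}

def report(netstat_text, tasklist_text):
    """Return (outbound, listening) lists of (pid, name, address)."""
    names = process_names(tasklist_text)
    outbound, listening = [], []
    for local, foreign, state, pid in parse_netstat(netstat_text):
        name = names.get(pid, "<unknown>")
        if state == "LISTENING":
            listening.append((pid, name, local))
        elif state == "ESTABLISHED" and not ipaddress.ip_address(host_of(foreign)).is_loopback:
            outbound.append((pid, name, foreign))
    return outbound, listening

if __name__ == "__main__":
    print(report(NETSTAT, TASKLIST))
```

A PID that shows up as `<unknown>` had a connection but no matching row in the process list, which is worth a closer look before moving on to the Run keys.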
All times are GMT +8.