Friday, 14 February 2014

Detecting Rats & Keyloggers Using CMD And Task Manager

In this tutorial, I'll be showing you the easiest way of finding out malicious applications installed on your PC that transfer data using the internet without you knowing it.

As stated in the title, we'll be using TaskManager and CMD for the purposes of this tutorial.

Part 1 :- Customizing Taskbar

1. To get started, open up your TaskManager by right clicking your TaskBar and selecting TaskManager or just hit CTRL+ALT+DEL to get it open.

2. Once that is done, click the "Processes" tab of your TaskManager and click View -> Select Columns -> Make sure that "Process Identifier(PID)" is ticked.

Pic :- http://bit.ly/1d0oijj

3. Now click the PID column to make sure that all the processes are sorted in a specific order. This step is not necessary, but it will make it easier for you to detect processes using their IDs.

Pic :- http://bit.ly/HiyQ1A

Part 2 :- Using CMD

Once you've done that right, we're going to move on to part 2 of our tutorial, which is using CMD to view established connections.

Assuming you know how to open up CMD, I'm just going to rush through step 1.

1. Start -> Run -> CMD
OR
Just type in cmd in the searchbar if you're running a system powered by Windows7.

2. Once cmd is open, I want you to type in "netstat -ano".
Your result should be something like this:

Pic :- http://bit.ly/1a8Zhnl

3. Now what we're interested in are only the connections with the state "ESTABLISHED".
Isolate them out and look for the PID right next to them. There will be many connections with "ESTABLISHED" state, you'll have to repeat the following steps for all of them.

Pic :- http://bit.ly/1a1ZcvP

This is the fun part. Now go back to the TaskManager and look for the name of the process(es) that has the same PID(s) as the one you found with the ESTABLISHED connection(s)

Pic :- http://bit.ly/HgdPFM

In the above case, it's a safe and trusted application known as Dropbox, so I'm good. But incase you find a process which you do not know, if it's something like svchost.exe that you're sure is infected, right click the process and select "Open File Location".

Now all you have to do is right click the file and scan it using your AV or upload it to an online scanner such as VirusTotal.com and check if it's infected.

Pic :- http://bit.ly/HiztZ8

It's as easy as that.

Hope you find this useful.

How to find crack using Google search?

Everyone likes to use softwares for free. But the Best softwares cost you. They may provide trial version. But what is the use? you can use it for only limited time or limited functions. Crack will change the trial version software to the complete softwares. So you can work without any restrictions. But it is difficult to find the crack for the software. isn't it?

So i will post one simple google search trick to get the cracks for software.

type in google search engine as:
"crack: software_name version" (without quotes)
Change the software_name with your software name.

For eg:

Crack: flasheditor 1.0

Popular Posts