How to Know If Hacker Attack on your pc/ you are infected with Rat or keylogger
1.Open command prompt and type netstat -b
Now this command will show you the active connections with the process with their PID (Process Identifier) and also the packets.
Look out for SYN Packets and the Foreign address its been connecting with , check the process its been associated with, check the ports also. If you find that its connecting to some unknown ports, then you can say you have been backdoored.
2. Go to your task manager. On the top of it, click on View—> select Column—> Tick on PID (Process Identifier).
Match the suspicious Process with the Processes In task manager, check PID also.
Look out for SYN Packets and the Foreign address its been connecting with , check the process its been associated with, check the ports also. If you find that its connecting to some unknown ports, then you can say you have been backdoored.
2. Go to your task manager. On the top of it, click on View—> select Column—> Tick on PID (Process Identifier).
Match the suspicious Process with the Processes In task manager, check PID also.
Now most of the RATs resides on Start up. How to delete them from start up?
a) Go to regedit —> HKLMSoftwareMicrosoftWindowsCurrent versionRun
On the Right hand side, check for the process name which you find on step 4. if its not their. Check at
HKCUSoftwareMicrosoftWindowsCurrent VersionRun
OR
Open Cmd prompt & type start msconfig. Go to Startup tab, you can check the startup process there.
a) Go to regedit —> HKLMSoftwareMicrosoftWindowsCurrent versionRun
On the Right hand side, check for the process name which you find on step 4. if its not their. Check at
HKCUSoftwareMicrosoftWindowsCurrent VersionRun
OR
Open Cmd prompt & type start msconfig. Go to Startup tab, you can check the startup process there.
0 comments:
Post a Comment