2 minute guide to detecting Spyware nasties on your PC with Netstat



This is very easy to do. Netstat, which is already installed on Windows XP, will help you detect whether you have Spyware, Malware or anything else that shouldn’t be running on your computer.
1. Close all your applications but stay connected to the internet, so that only your desktop screen is showing.
2. Press the Windows key, keep it held down and then press R; this should bring up the Run command. Or you could press Start > All Programs > Accessories > Command Prompt.
3. Type cmd and click OK; this will bring up a black screen as shown below.

[Screenshot: netstat.JPG]

4. Then type cd \ to go to the root directory. To clear the screen you can type cls (this is optional). You should now see this screen:

[Screenshot: netstat1.JPG]

5. Now type netstat and press the spacebar, then type -b (it will look like this: "netstat -b"). Hit Enter and you will see a list of any active connections (that is, any applications connecting to the internet). The application names are shown on the left-hand side of the screen within the [ ] brackets. If you are only connected to the internet with nothing running, then you will have very little showing in Netstat. However, if you have an antivirus program running you might see something like [ashwebSV.exe] or [nortonSV.exe], but that depends on the antivirus software you have and whether it is trying to connect to the internet at the time.
6. If you have anything else running and you don’t recognise it, or it just doesn’t look right, then do a Google search to find out what it is. If it is Spyware, Malware or something else, then get rid of it using your Spyware application (and I hope you have one installed).
7. Another good tip is to run Netstat every now and again without closing your applications, to keep a check on which applications are connecting to the internet.
8. If you want to, you can copy the Netstat list to a text file by typing netstat, then a space, -b, another space, >, a space and then netstat.txt (which would look like this: "netstat -b > netstat.txt") on the command line. This will copy the Netstat list to the root of your C: drive. All you then have to do is open My Computer and click on the C: drive, and you will see a file called netstat.txt; click on it and you will see the Netstat list.
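Steps 5 to 8 amount to reading the bracketed names out of the saved list and picking out the ones you don't recognise. The Python sketch below is an added example, not part of the original guide: it parses text in the layout `netstat -b -n` prints and reports owners missing from a list of programs you expect. The sample listing, the addresses, `updchk32.exe` and the `KNOWN` set are all constructed for illustration.

```python
import re

# "TCP  local  remote  STATE  [PID]"  or  "UDP  local  remote  [PID]"
CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z_]+))?")
OWNER = re.compile(r"^\s*\[(.+?)\]\s*$")  # e.g. "  [ashwebSV.exe]"

def parse_netstat_b(text):
    """Group (proto, local, remote, state) tuples by owning executable."""
    by_exe, pending = {}, []
    for line in text.splitlines():
        conn, owner = CONN.match(line), OWNER.match(line)
        if conn:
            pending.append(conn.groups())
        elif owner:
            # Windows file names ignore case, so compare in lower case.
            by_exe.setdefault(owner.group(1).lower(), []).extend(pending)
            pending = []
        elif "ownership information" in line:
            # netstat could not name the owner of the preceding connection(s)
            by_exe.setdefault("<no owner shown>", []).extend(pending)
            pending = []
    if pending:
        by_exe.setdefault("<no owner shown>", []).extend(pending)
    return by_exe

def unrecognised(by_exe, known):
    """Owners not on the caller's own list of expected programs."""
    expected = {name.lower() for name in known}
    return sorted(name for name in by_exe if name not in expected)

# Constructed sample in the style of "netstat -b -n > netstat.txt".
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.5:1045       192.0.2.10:80          ESTABLISHED     1420
  [ashwebSV.exe]

  TCP    192.168.1.5:1062       198.51.100.7:443       ESTABLISHED     2312
  [updchk32.exe]

  UDP    192.168.1.5:1900       *:*                                    1108
  [svchost.exe]
"""
KNOWN = {"ashwebSV.exe", "svchost.exe"}  # your own list of expected programs

if __name__ == "__main__":
    # For a real run: text = open(r"C:\netstat.txt").read()
    table = parse_netstat_b(SAMPLE)
    for name in unrecognised(table, KNOWN):
        print("look this one up:", name, table[name])
```
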



15 Responses to “2 minute guide to detecting Spyware nasties on your PC with Netstat”

  1. rich Says:

    jsanderz,
    Thanks for this little tip, netstat is an excellent tool for the job.
    Excellent site by the way.

  2. jsanderz Says:

    rich,
    I am glad you like it, I have more excellent tips to come.
    Regards.

  3. Aaron Says:

    Good tip, I personally always use netstat -a, but never thought of sending it to a txt, that’s a useful little command that not many people know, it’s always the first thing I refer to when I suspect anything suspicious is happening on a system.

  4. jsanderz Says:

    Aaron,
    I am glad I could help.
    Regards.
    Jsanderz

  5. piaskal Says:

    You might also want to add “-n” to stop it from doing reverse dns lookup and speed netstat up a little bit.

  6. Cookie Monster Says:

    I knew about the netstat command (dos > windows), but not the -b command, so I’d only see IPs and addresses and such (the -a flag thingy). Good tip.

  7. What is Windows? Says:

    Or, you could install Ubuntu and not ever worry about spyware again.
    http://ubuntu.com

  8. Philippine Web Blog Says:

    nice tip…

  9. Grey Says:

    open notepad and type into it:

    @echo off
    netstat -b
    pause

    save notepad as netstat.bat, double click it whenever you want to run it… ;)
    also if you’re not familiar with a command /? is very useful to see all available options.

  10. jsanderz Says:

    Grey,
    Thanks for sharing this great tip.
    Regards.

  11. Grey Says:

    oops… sorry, you can’t rename the .bat file as netstat, it will kill it. I renamed it netstats.bat when testing and it works but netstat.bat fails… :) probably cause the file name is used elsewhere in windows… whogonnaknow…

  12. Satya Says:

    For those who use Google Desktop, there is a nice gadget that does this live.
    http://desktop.google.com/plugins/i/netstat.html?hl=en
    You can configure its update speed or pause it until you need it again.

  13. jsanderz Says:

    Satya,
    Thanks for the tip, I will give it a try.
    Regards.

  14. Tech Messages | 2007-12-05 | Slaptijack Says:

    […] Information Addicts » Blog Archive » 2 minute guide to detecting Spyware nasties on your…This is basic, but what the heck. […]

  15. Alkatr0z Says:

    The reason you can’t use netstat.bat isn’t because it’s already in use, it’s because in the batch file you are calling “netstat”. It enters a loop where it keeps running it constantly without actually returning any results since it’s not calling the correct netstat. You can fix this easily enough by using the following instead:
    @echo off
    netstat.exe -b
    pause

    That will prevent it calling netstat.bat. Or you can use the absolute path of C:\windows\system32\netstat.exe -b. It’s a good idea to have the .exe on the end so if any malware starts dropping a netstat.com you don’t need to worry about it executing the dummy version. Using the absolute path will prevent a netstat.exe being placed in a directory that is searched before the system32 folder. To check the precedence you can just open up a command prompt and type in PATH.
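
The lookup order discussed in comments 11 and 15, written out as an added example (not part of any comment above). It is a simplified Python model of how the command prompt chooses a file: current directory first, then each PATH directory, trying the PATHEXT extensions in order when no extension is typed. The directory layout and the default PATHEXT order are assumptions made for the illustration.

```python
# Simplified model of command lookup at the Windows command prompt.
PATHEXT = (".com", ".exe", ".bat", ".cmd")  # assumed default order

def candidates(command, cwd, path_dirs):
    """Yield full paths in the order the lookup tries them: current
    directory first, then each PATH directory; within a directory a
    bare name is tried with each PATHEXT extension in turn."""
    names = [command] if "." in command else [command + e for e in PATHEXT]
    for directory in [cwd, *path_dirs]:
        for name in names:
            yield directory + "\\" + name

def exists(path, files):
    """files maps directory -> set of file names; Windows ignores case."""
    directory, _, name = path.rpartition("\\")
    index = {d.lower(): {n.lower() for n in ns} for d, ns in files.items()}
    return name.lower() in index.get(directory.lower(), set())

def resolve(command, cwd, path_dirs, files):
    """Return the file that would run, or None if nothing matches."""
    if "\\" in command:  # absolute path: no search is performed
        return command if exists(command, files) else None
    return next((p for p in candidates(command, cwd, path_dirs)
                 if exists(p, files)), None)

def shadows(command, cwd, path_dirs, files, trusted):
    """List every existing file the lookup reaches before `trusted`."""
    found = []
    for path in candidates(command, cwd, path_dirs):
        if path.lower() == trusted.lower():
            break
        if exists(path, files):
            found.append(path)
    return found

# Constructed layout: the batch file from comment 9 saved on the desktop.
DESKTOP = r"C:\Documents and Settings\user\Desktop"
SYSTEM32 = r"C:\windows\system32"
TRUSTED = SYSTEM32 + r"\netstat.exe"
PATH_DIRS = [SYSTEM32, r"C:\windows"]
FILES = {DESKTOP: {"netstat.bat"}, SYSTEM32: {"netstat.exe"}}

if __name__ == "__main__":
    for cmd in ("netstat", "netstat.exe", TRUSTED):
        print(cmd, "->", resolve(cmd, DESKTOP, PATH_DIRS, FILES))
    print("found first:", shadows("netstat", DESKTOP, PATH_DIRS, FILES, TRUSTED))
```

With this layout a bare `netstat` run from the desktop resolves to netstat.bat itself, while `netstat.exe` and the absolute path both reach the system32 copy.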
