After spyware has installed itself, there are three distinct investigative steps to resolve the problem:
- Location: Sometimes computers misbehave at random for reasons other than spyware. Installing new drivers, running a new application, or even getting a virus can cause a computer to misbehave. All of these are problems that need resolving, but spyware diagnosis techniques won't help. Therefore, the first step in defeating spyware is to actually locate it and confirm it's spyware.
- Diagnosis: You've located a suspicious Registry entry or an unusual executable file, but how do you know what to do next? Just like viruses or normal applications, every piece of spyware is different. Before moving on to the next stage, it's essential to discover exactly which piece of spyware has infected your computer.
- Removal: After you know the type of spyware affecting your computer, you can begin the removal process. Whether you use an automated removal application or decide to remove it manually, the process is made far easier by knowing exactly which type of spyware you're working with.
Locate the problem, diagnose it, and then remove or treat it -- almost the same process a doctor would use to treat a disease!
To detect Trojans, spyware or any other malware that is running and using particular ports on a PC to reach the internet or other hosts on the network, use
netstat -b
which must be run as administrator and produces
- a list of the executables that had active connections at the time the command ran, together with each one's PID (process identifier),
- the status of each connection, and
- the name of the executable file, for example AVP, which is an anti-virus program.
Using the netstat utility with
netstat -ano
again displays the connection status. A status of ESTABLISHED doesn't necessarily mean the system has been hacked; it is normal to have established connections from perfectly legitimate functions.
Displaying Task Manager and selecting View to show the PID column, it is possible to cross-reference the PIDs of established connections with the same PIDs in Task Manager to identify the executable.
Anything suspicious can be checked on spywareguide.com.
The Fport utility gives information similar to netstat, including the PID, the running executable and the location of its file.
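The manual cross-check described above (read the PID from netstat -ano, then look the same PID up in Task Manager) can be done in code. The following is an added example, not part of the original article: it parses the text that netstat -ano prints, joins it on the PID column with the output of tasklist /FO CSV /NH (the command-line counterpart of the Task Manager view the article uses; using it here is this example's choice), and lists which executable owns each ESTABLISHED connection. Both sample outputs are constructed for illustration, including the process name updsvc.exe and the addresses shown.

```python
"""Cross-reference `netstat -ano` connections with process names.

Added example (not from the original article). It parses the text that
`netstat -ano` and `tasklist /FO CSV /NH` print on Windows, joins the two
on the PID column, and reports which executable owns each connection.
The sample outputs below are constructed for illustration.
"""
import csv
import io
import re
from collections import namedtuple

Conn = namedtuple("Conn", "proto local remote state pid")

# Constructed sample of `netstat -ano` output. UDP rows have no State
# column, and IPv6 addresses appear in square brackets.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49733     93.184.216.34:443      ESTABLISHED     4120
  TCP    192.168.1.20:49801     203.0.113.7:6667       ESTABLISHED     5588
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2284
"""

# Constructed sample of `tasklist /FO CSV /NH` output for the same PIDs
# (columns: Image Name, PID, Session Name, Session#, Mem Usage).
TASKLIST_SAMPLE = '''"svchost.exe","912","Services","0","9,812 K"
"firefox.exe","4120","Console","1","312,400 K"
"updsvc.exe","5588","Console","1","2,104 K"
"System","4","Services","0","152 K"
"chrome.exe","2284","Console","1","88,000 K"
'''

# One netstat row: protocol, local, remote, optional state, PID.
NETSTAT_ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Return a Conn for every connection row, skipping headers."""
    conns = []
    for line in text.splitlines():
        m = NETSTAT_ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            conns.append(Conn(proto, local, remote, state or "", int(pid)))
    return conns


def parse_tasklist(text):
    """Map PID -> image name from tasklist's CSV output."""
    pid_to_image = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            pid_to_image[int(row[1])] = row[0]
    return pid_to_image


def established_by_process(netstat_text, tasklist_text):
    """Return (image, pid, local, remote) for each ESTABLISHED connection.

    A PID with no tasklist entry (process exited between the two
    commands) is reported as <unknown> rather than dropped.
    """
    images = parse_tasklist(tasklist_text)
    return [(images.get(c.pid, "<unknown>"), c.pid, c.local, c.remote)
            for c in parse_netstat(netstat_text) if c.state == "ESTABLISHED"]


if __name__ == "__main__":
    # On a real host: feed in the captured output of the two commands.
    for image, pid, local, remote in established_by_process(
            NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{image:<14} PID {pid:<6} {local} -> {remote}")
```

As the article notes, an ESTABLISHED entry is not evidence of compromise by itself; the value of the join is that each connection now carries an executable name that can be looked up (for instance on spywareguide.com) instead of a bare PID. Run the two commands back to back, since PIDs are recycled once a process exits.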