
How to detect a Trojan with DOS

By SB Glasby
User-Submitted Article

Trojans get onto your PC by various means. Lately, some advertisers have been targeted: some of their ads contain malicious code that lets a Trojan onto your computer from legitimate sites. Once on your PC, the Trojan opens connections to the Internet so that other programs can connect to your computer.

Using some simple DOS commands (yes, DOS still lives on Windows computers), you can see whether a Trojan might be running on your computer.

Difficulty: Easy
Instructions

Things You'll Need:

  • Windows PC
  • Command Prompt (DOS BOX)
  1. Step 1
    Open a DOS command prompt

    Open a command prompt (DOS window) by selecting

    START >> RUN

  2. Step 2
    Call the command prompt box

    Type in the letters CMD and press OK.

  3. Step 3
    netstat is the DOS command to show you connections

    Type in netstat -a and press Enter to show all connections to your PC.

  4. Step 4
    Your PC connections are here

    You should see a list of all the connections your PC is making, locally as well as remotely.

  5. Step 5
    Typical output from netstat -a

    This image shows some typical connections that your PC may display when running netstat -a.

  6. Step 6
    netstat -ab

    Type in netstat -ab and press Enter; this will show you which programs are making the connections.

  7. Step 7
    Typical netstat -ab output results

    You may have to wait several minutes for all the connections to display, and you might be amazed at what you see.

  8. Step 8
    Verify that you are running Internet Explorer if you see these results

    Some connections you see will be obvious: iexplore.exe is Internet Explorer, and you can see that it's making connections.

    If you see iexplore.exe and you don't have Internet Explorer open, then you probably have a Trojan.

  9. Step 9

    If you see a program making any UDP or TCP request to remote destinations, you can search Google or Yahoo to determine what the program is and how to remove it.
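
The check in steps 6 to 9 can be done over saved `netstat -ab` output instead of by eye. The following is an added example, not part of the original article: it groups remote endpoints by owning program and lists the programs that are not on a list you expect. The function names, the `SAMPLE` text and the program `updater32.exe` are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout `netstat -ab` prints (not captured from a real PC).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
 [svchost.exe]
  TCP    192.168.1.5:49712      203.0.113.10:80        ESTABLISHED
 [iexplore.exe]
  TCP    192.168.1.5:49720      198.51.100.7:8080      ESTABLISHED
 [updater32.exe]
  TCP    127.0.0.1:49730        127.0.0.1:49731        ESTABLISHED
 [firefox.exe]
  TCP    192.168.1.5:49800      203.0.113.99:443       TIME_WAIT
 Can not obtain ownership information
  UDP    0.0.0.0:123            *:*
 [svchost.exe]
"""

CONN = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)")  # proto, local, foreign
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")              # the [program.exe] line
NOT_REMOTE = {"127.0.0.1", "[::1]", "localhost", "0.0.0.0", "[::]", "*"}

def host(addr):
    return addr.rsplit(":", 1)[0].lower()  # strip the trailing :port

def remote_by_program(text):
    """Map each owning program to the set of remote endpoints it talks to."""
    found, rows = defaultdict(set), []
    for line in text.splitlines():
        conn, owner = CONN.match(line), OWNER.match(line)
        if conn:
            rows.append([conn[2], conn[3], "<unknown>"])
        elif owner and rows:
            rows[-1][2] = owner[1].lower()  # owner line follows its connection row
    for local, remote, prog in rows:
        # Skip listeners, loopback, and connections back to this PC's own name.
        if host(remote) not in NOT_REMOTE and host(remote) != host(local):
            found[prog].add(remote)
    return dict(found)

def unexpected(text, expected):
    """Programs with remote connections that are not on the expected list."""
    return sorted(set(remote_by_program(text)) - {e.lower() for e in expected})

if __name__ == "__main__":
    for prog, peers in sorted(remote_by_program(SAMPLE).items()):
        print(prog, sorted(peers))
```

To use it on real output, save the listing with `netstat -ab > connections.txt` and pass the file's contents to `unexpected()`. On Vista, the `-b` option needs a command prompt started as administrator.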

Tips & Warnings
  • This works on Windows 2000, Windows XP and Vista.
  • Skip steps 1 & 2 for Vista and just type cmd in the Start menu box.
  • To make sure this check is accurate, you should do this right after the PC has started, without opening any browser windows.
  • To refresh, press the up arrow and Enter.
  • Although all network connections will show in this window, check the results before assuming the worst.

Comments  

themexican said

on 8/20/2009 Nice article. Many people never even think of this step or the netstat command. 5* and recommended for the great article.

Copyright © 1999-2009 eHow, Inc.