A properly configured computer communicates with the Internet only in two cases: when you are working in a network and update the antivirus database or operating system. If you see that the computer itself "climbs" in the network, it is a reason to scan it.
You should know that even protected with antivirus and firewall computer is not invulnerable. Hackers long ago learned how to deceive the most well-known virus protection programs, so carefully follow the behavior of a computer and regularly check the open ports.
To check open ports, open a command prompt: "start" - "All programs" - "Accessories" - "Command prompt". There's an easier way: "start" - "Run", enter cmd, and click OK. Enter in the command window netstat –aon, run the utility by pressing Enter.
In the first column of the table that appears, specify the type of network connection. The second "Local address" you will see the local address and open ports (for address, after the colon). In the column "Foreign address" indicates the network address, which connects your computer.
Pay attention to the section "Status" that indicates the connection status: ESTABLISHED – the connection is established. LISTENING – waiting for a connection. CLOSE_WAIT – the connection is completed. Finally, the last column PID shows the process ID. This is the number under which the particular process appears in the system.
Due to the presence of PID you can figure out what program opens a particular port. For example, you see that you have opened the port 1499, ID – 1580 (it will be different). Type in the same window the command line command tasklist. You will see a list of all processes, while the second column contains their identifiers (PID). Now you need to find this column you are interested in PID, in this case 1580. Find, look in the left column, the name of the process – let it be AAWService.exe.
If the process name is unfamiliar to you, enter it in the string search engine. Entered, received information the process belongs to the software Ad-Aware. You have on a computer this program? Whether it runs automatically at startup? Whether it is necessary to you? Run Aida64 (Everest) and look at the startup folder and, if necessary, then delete the file Ad-Aware. If you do not like this program then AAWService.exe - the process of a Trojan masquerading as a popular tool. Use this algorithm to check all other applications that open ports.
Look for connections with LISTENING. The app listens on the port waiting for a connection. In this way can act as "legal" programs – for example, Windows services and Trojan, pending when they will be connecting to.
Advice 2: How to check which ports are open
Sometimes the user who wants to maximize control of your system, it is essential to clarify what the port's connections are open at the moment with his PC. This operation takes no more than a few seconds.
First of all, you can use the netstat command from the standard set of Windows XP. To log in to the Windows command prompt and there type "netstat 5" (without the quotes). After the execution of the command, you will see updates every 5 seconds (you can specify any other time) a report containing information about open connections, programs, and use their ports.
Some may be easier to use the program TCPView or other software of similar purpose. In addition, the same information you may report any firewall running on your computer.
Advice 3: How to know the pid of the process
When the computer starts a process, it gets a pid that is the ID of the process. Sometimes you need to know the ID. Maybe you for some reason need to disable a running process, for example, if it interferes with the removal. There are several ways to know the pid. The simplest way to do this using task Manager and command prompt.
You will need
- - a computer running Windows (XP, Windows 7).
Press ctrl+alt+del. If your operating system is Windows XP, the task Manager will appear immediately, if Windows 7 - a window will appear where you can select it.
In task Manager select the Processes tab. Now here click on "View". An additional window will appear. In this select "Choose columns." A dialog box will appear, where the top item will be called "ID process (pid)". In front of him select. Save the settings by pressing OK.
Then in device Manager click on the Processes tab where you will see the string "ID process". Look at the name of the processwhose ID you need to discover and view its value.
Now you will learn how to read this value from the command line of the operating system. Click "start" and then click "All programs." Select "Standard program". Here, find the menu item "Command prompt" and run it. Type tasklist and press Enter. After activating this command in the command prompt window will appear listing all the currently active processes. After the name of each of them will be written the ID.
If you need to quickly complete the process, then it can be done. After you learn the ID of the process, in command prompt type taskkill /pid 0000. Instead of zeroes type the number ID of the processthat is required "to carry". After that, the system will send a signal to its completion, and it will be off.
At the end of the process, be careful. It is possible to inadvertently disable the active process, which is required for the correct operation of the operating system.