Instruction
1
One of the most unpleasant varieties of Trojans are backdoors (backdoor), allowing a hacker to remotely control the compromised computer. Justifying its name, backdoor to the attacker opens a loophole through which you can execute on the remote computer any action.
2
The backdoor consists of two parts: a client installed on the computer of a hacker, and servers located on your computer. The server part is always waiting for connection "hanging" on some port. It is on this basis – occupy port – and it can be tracked, then delete the Trojan will be much easier.
3
Open a command prompt: "start – All programs – accessories – Command prompt". Type netstat –aon and press Enter. You will see a list of connections of your computer. Current connections are indicated in the column "Status" as ESTABLISHED, waiting for connection marked line LISTENING. Backdoor, waiting for a connection, is in the hearing.
4
In the first column you will see the local address and ports used by those network connections software. If you see it in the programs list, pending connection, it does not mean that your computer is certainly infected. For example, ports 135 and 445 are used by Windows services.
5
In the very last column (PID) you will see the ID numbers of the processes. They will help you find out which program is using the port you are interested in. Type in the same window the command line command tasklist. You will see a list of processes with their names and ID numbers. Looking up the identifier in the list of network connections you can on the second list to determine what program it belongs to.
6
It so happens that the name of the process tells you nothing. Then use Everest (Aida64): install it, run and view a list of processes. Program is Everest makes it easy to find the path that is executable. If the program running the process that is unfamiliar to you, delete the executable file and close it the process. During the next computer startup can pop-up warning that this file cannot be run, this will set its startup key in the registry. Using this information, a delete key using the registry editor ("start – Run" regedit).
7
If the monitoring process bandaru really belongs, in the column "Foreign address" you can see the ip connecting to your computer. But it is likely to be the address of the proxy server, and therefore to calculate a hacker you are unlikely.