How to Use NETSTAT & FPORT Command to detect spyware, malware & trojans by Britec
- Published: 4 Jul 2009
- How to use the NETSTAT and FPORT commands to detect spyware, malware and trojans, and then use PSKILL to kill the process so you can delete the virus, by Britec
---------------------------
PSkill Program Download
technet.microsoft.com/en-us/sy...
---------------------------
Fport v 2.0 download
www.foundstone.com/us/resource...
---------------------------
Spyware guide
www.spywareguide.com/
Thanks
Britec
www.britec.org.uk
www.briteccomputers.co.uk
www.pcrepairhetfordshire.co.uk
Almost ten years later and this is still a useful, well thought out tutorial.
Thanks
u doing well now?
2024, 14 years
14 years later and this video is still relevant - thanks!
@BearHit did you put the fport folder in c: root directory? and then run it for command line?
Thank you so much. All these guides talk about using netstat to identify trojans, but the steps always go:
Step 1) Eliminate known ports and connections.
Step 2) Run whois on unknown TCP connections.
Step 3) Disregard everything you just did and run a virus scan.
This is so useful, even years later.
Amazing! The knowledge you bring forth with the clear and concise explanation of its use is extremely helpful.
Thank you so much!
Nice one Brian. Mine was all clear but a relief to know. Very followable video even for me! Good job.
14 years ago and still helpful
Great video Brian, very well narrated and a very useful tutorial....thanks!
I've probably watched 10 different spyware removal videos today.
They pretty well were all trying to say the same thing, but you were by far the easiest to understand.
Great videos, very helpful with lots of information, and you have a great way of explaining things clearly and simply.
This is one of the best video tutorials that I've found yet! Thanks! :D
Excellent video! Thank you for posting it.
CTRL-DEL doesn't always work, but CTRL-SHIFT ESC will!
Also, once PIDs are showing, click on PID to put them in number order.
This will speed up looking for the PID.
It was wonderful to notice that you had Kaspersky included, my preferred choice of anti-virus
Thanks so much for your video, it was very helpful!
well organized explanation, thanks
Very excellent video!!! Thank you. You pushed me in the right direction to find a virus in my cyber security class :)
Need an update to 2019
Great Job, Thanks for uploading.
Thank you for the help and clear descriptions. Cheers.
Thanks for the spyware and virus tips, will be following you... How are you on Linux OS?
Thanks, great video and you hit the nail on the head!
Great job! Keep up the good work.
Very well done Sir, thanks.
Are you sure it's a rootkit? Have you scanned with GMER? Also, the moving mouse could be down to a settings problem with your mouse.
Thanks for the information and video.
Thanks mate, very informative.
Thank you! Still relevant in 2018 :)
Thank you so much. This was very helpful.
I'm using Windows 7 Ultimate and this works perfectly.
Cheers.........!
This was an awesome video for someone like myself who is so green it is not funny. I learned a lot!! Thanks from VA!!
Outstanding! Thanks a bunch.
Great explanation
Excellent and useful video.....thank you..
Great video - Very useful! Thanks!
This is cool stuff Britec!!
Question on backdoors: is there a way to manipulate the backdoor program and use it to your advantage?
Very cool Britec - still the best pc guru!
Excellent, thank you
You're welcome, John.
This helped me out a lot.
My computer was hacked and my cursor was moving on its own.
I got enraged so I decided to deal with this.
Thank you very much. I am from the future, 2020, but thank you.
I wasn't able to use fport, but I did the -ano and Task Manager.
Also, I was unable to use Spyware Guide; I just searched the process or program name, and Google's got your back.
You're a life saver, thank you so much.
Very nice video. Helped me a lot!
Thanks a lot
Great and logical video. Though, the Fport link is no longer available. Also, in Windows 8, you can find where the program is located by right-clicking it in Task Manager, then selecting "Open file location".
Actually, if you have spyware that has installed a backdoor in your computer, it would be LISTENING. Those 127 addresses that are established are your local loopback connections. When two pieces of software on your PC need to communicate with each other, say different services your PC runs, they will use local loopbacks to do so. If your iTunes needs to talk to the Apple mobile device manager, it's going to do it with a 127.0.0.1 IP.
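The distinction drawn in the comment above (LISTENING sockets versus ESTABLISHED 127.0.0.1 loopback pairs), together with the PID cross-check many viewers ask about, as an added Python example that is not from the video or from any commenter. It assumes `netstat -ano` output saved as text; the sample output, the PID-to-image map and all function names are constructed for illustration.

```python
import ipaddress

# Constructed `netstat -ano` output and PID-to-image map (sample data, not from the page).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING       4120
  TCP    127.0.0.1:5354         127.0.0.1:49160        ESTABLISHED     1620
  TCP    [::1]:49170            [::1]:5354             ESTABLISHED     1620
  TCP    192.168.1.20:49201     203.0.113.7:443        ESTABLISHED     2276
  TCP    192.168.1.20:49305     198.51.100.9:8080      ESTABLISHED     5012
  UDP    0.0.0.0:5353           *:*                                    1620
"""
SAMPLE_PROCESSES = {884: "svchost.exe", 1620: "AppleMobileDeviceService.exe",
                    2276: "firefox.exe", 4120: "updater.exe"}

def host_of(endpoint):
    """Return the address part of 'addr:port' or '[v6addr]:port'."""
    return endpoint.rpartition(":")[0].strip("[]")

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr.split("%")[0]).is_loopback
    except ValueError:          # '*' on UDP rows, or a resolved host name
        return False

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for every TCP/UDP row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue
        state = parts[3] if len(parts) == 5 else ""   # UDP rows have no State column
        yield parts[0], parts[1], parts[2], state, int(parts[-1])

def review(text, processes):
    """Classify each TCP row and attach the image name for its PID, if any."""
    findings = []
    for proto, local, remote, state, pid in parse_netstat(text):
        if proto != "TCP":
            continue
        if state == "LISTENING":
            verdict = "listening-loopback" if is_loopback(host_of(local)) else "listening-network"
        elif state == "ESTABLISHED":
            both_local = is_loopback(host_of(local)) and is_loopback(host_of(remote))
            verdict = "loopback" if both_local else "remote"
        else:
            verdict = state.lower()
        findings.append((verdict, pid, processes.get(pid), local, remote))
    return findings

if __name__ == "__main__":
    for f in review(SAMPLE_NETSTAT, SAMPLE_PROCESSES):
        print(*f)
```

Rows whose image name comes back as `None` are the "PID not in Task Manager" case; the script only reports that the supplied process list had no match for that PID.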
A 2019 update is requested indeed! I was playing around with Process Monitor (part of the Sysinternals suite by Microsoft) because task manager is lacking ... it's more complex, but maybe easier in the end ....
windows taskmanager are for android and tab kids/users -and its totally useless in windows 10 -what a piece of junk
Good stuff here!
brilliant thanks very much learnt a bit to take away with me :-)
On Windows 10 you have to go to Processes, right-click CPU and then select PID.
Sarah Latschkowski you're right sweetie 😍😍
Netstat can also achieve this by being run as admin and using the switch -naob
Stupid creeps
Sarah Brigida thank you lmao it was that easy
I'm trying to port forward the Xbox Live port 3074 UDP/TCP, and it says the port's in use or some BS, so I looked all through the cmd and that port never showed up. I can enter 3074 TCP in port forwarding fine, but the UDP won't, and there's no port 3074 UDP in use or bound. Is there a way to force find a specified port?
Hello, quick question: I have established connections but they're not in the Task Manager when I cross-reference. What do I do?
Britec thanks in advance for your video, it was really informative and illustrative. However, I do know time has passed and I’m new on all this I was unable to configure or set up fport do you know how can I do it? Is it still available?
Trouble with rootkits is they're hard to detect. If I was you, I would do an operating system rebuild; that way you'll be sure it's gone. Rootkits let the person come in and out of your computer when they like. But if you're sure it's gone and you have deleted it, then you'll be fine. Rescan with a rootkit scanner to make sure, something like GMER.
If I enter task manager and "end activity" does it end forever or do I need to do this everytime I login to my pc?
Hello, great video however I have a question. What does it mean if I find a PID listed on netstat -ano but it is not listed on my task manager PIDs? Thanks!
Hello there, for me the 'netstat -b' command returns "the requested operation requires elevation".
Please help
Very helpful, thank you!
cool, that works for me, thanks a lot !!
Have I missed something? I´ve checked the Established PID numbers and they all correspond to a running process. Does that mean all is well? Or could a trojan or RAT not be disguised as a legit process? Is that not what they would normally do? So, in that case, how do we identify if all running processes are legitimate?
very nice vid keep em comin
What does it mean if you find a PID number in CMD that does not show up in Task Manager details?
Sandysuicide, if the command requires elevation, right-click on the cmd program and choose Run as administrator. Or when you double-click the command prompt icon, hold the Shift key down; this automatically opens an elevated command prompt...
Adding -b after netstat lists executables along with their requested addresses. Or use the TCPView freeware to view the connections in real time.
Is there a way to permanently block an IP of a pid process that you found , that it might be a Trojan. Apart from using ps kill of course to kill the process.
@ACADIENNEXX right click command prompt and run as administrator
after you kill the process is there anything else that should be done
Thank you.
Hey great video . I have a problem there is a PID with an established connection but it doesn't show up in task manager. I found all the others except for one . Can you help?
I noticed when I get rid of the trackers a lot of the established connection go away. If I kill them, will those connections stop?
cns back slash to clear the screen.. was so fast i didn't get that part?
brilliant mate.
Hello Brian
I seem to have a problem running the Fport and Pskill programs. I am looking for any nasties on my computer and was hoping that you can help me out. I've been doing a little bit of research into the CMD prompt section but again seem to be having problems accessing certain areas requiring information.
I first noticed that my files had reloaded themselves when I had previously deleted them; this, as I am aware, is a sign of computer hacking potentially. I have not run a system restore and my computer plays up.
Please can you help me
Curtis
If you are not connected to the internet should there be "ESTABLISHED " connections?
What is keeping the malware from replacing your NETSTAT with a hacked copy of netstat?
I tried to look for the PID in the Task Manager but I can't seem to see it, but it's showing on the cmd prompt. What should I do?
You are a legend.
I have downloaded fport and pskill. How can i use them in command prompt?
What does it mean if you can view a PID on Task Viewer but are not seeing it on CMD?
Some of the PID names I have in CMD aren't under the processes so I can't find out what they are. Why?
Hi and Thanks for posting this video.. its been really helpful... Question I'm unable to use the -b, the response is the command needs elevation.. what does that mean? thanks again
run command prompt as admin
Need an update for 2020, and it looks like "show process for all users" was unchecked. Is it needed?
If I don't find the PID number in the Task Manager, how can I locate the process?
I tried the -b command, I am using DietPi on my Raspberry Pi, its the only Linux system I have access to right now. Any idea how to get this to work ? Any help appreciated.
Doesn't taskkill do the same thing as pskill?
Hello, when I do the b command it said ( the requested operation requires elevation) Please note I am registered as administrator
You can try Panda rootkit cleaner. Sounds like a rootkit you've got, not easy to get rid of.
Try deleting it in safe mode in command prompt, or use a program called Unlocker and kill the process.
Since the requested operation requires evaluation???????
What does it mean when the number on the established list in command prompt doesn't show in the Task Manager??? How then could I remove that? Is it a hacker or a virus, or is it not? Please contact ASAP.
I'm trying to activate NETSTAT -B but it is not working. The command said the requested operation requires elevation. Could you please help me with it?
Hi Soilgirl
Use Malwarebytes, SUPERAntiSpyware and VundoFix.
Run them in safe mode and you should be all clean. Let me know how you get on.
Brian
I have one PID that isn't showing up in Task Manager. I have no clue what it is.
@Karloki100 you're welcome
helpful tips dn
After downloading fport from the mentioned site, I'm unable to run the command. Error message: "fport is not recognized as an internal or external command, operable program or batch file". How do I resolve this issue?
When I go to netstat -b it's no longer giving me the port number of the running processes. This was after an update. Has this happened to anyone else?
Bless your heart! Thank you ever so kindly... Thank you! Thank you! Thank you....
What if I can't find the PID number in my processes, but it shows established on cmd prompt?
It's part of iTunes and QuickTime, should be safe. Just disable the service if you don't want it.
Help!??
When I did the -b it said I need elevation