Yesterday a friend told me: "Ahmed, I recently read your article on how to inject a backdoor with a USB key and I also read the article Zeus, King of botnets, and I was wondering if we can recognize a zombie PC that is part of a hacker's botnet network, knowing that I am on Windows."
To answer this question, I have decided to share with you a very effective method of seeing exactly which network connections your computer is making.
When a PC is infected with malware or spyware, it hosts a program that scans the internal drive, either to harvest your contacts and send them to spam databases, or to relay traffic with other infected machines and form a base of zombies.
In either case, there are certain signs that shouldn't be overlooked like:
- The fan starts at full speed when the computer is idle.
- The computer takes a long time to shut down.
- Your friends receive emails from your email address that you did not send.
- Internet access is very slow.
- Ad pop-ups open even when your web browser is closed.
How to detect a backdoor on your PC
Please note: the method I am showing you does not replace the usual protection methods such as an anti-virus.
To begin with, we are going to use a free tool that will be very useful to us: TCPView.
TCPView monitors your system's TCP/IP activity. Unlike the TCP/IP monitoring tools that come with Windows, TCPView shows which process owns each TCP/IP endpoint.
Download this tool then unzip it.
No installation is required: run the Tcpview.exe file and the program window will open. TCPView displays the network exchanges between your PC and the outside world, refreshing every second.
The advantage of TCPView over the netstat command is that it allows a connection to be closed without having to kill the corresponding process.
In the case of an infected PC, the remote address is "exotic": an address or port you do not recognize, owned by a process you did not expect.
In the screenshot below you can clearly see all open connections on my pc:
You can see in the picture that there is a Telnet client connected to my computer and also a Netcat backdoor.
With a click, TCPView can close the connection used by this backdoor and show you the location of the program that owns it, so that you can get rid of it.
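The same check can be scripted so it runs without clicking through the TCPView window. The following PowerShell is an added example written for this article, not code from TCPView or from the original post; it assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection), an elevated prompt so that process paths resolve, and the watched ports and the allow-list of process names are illustrative values you should adapt.

```powershell
# Added example: list every established or listening TCP connection with its
# owning process, then flag the "exotic" ones the article describes.
# Assumptions (not from the article): Windows 8+/Server 2012+, run as Administrator.
function Get-ConnectionReport {
    [CmdletBinding()]
    param(
        # Illustrative ports only: 23 is the Telnet seen in the screenshot, the
        # others are placeholders for ports you would not expect on your own PC.
        [int[]]$WatchPorts = @(23, 4444, 31337),
        # Hypothetical allow-list of processes that may legitimately listen.
        [string[]]$TrustedListeners = @('svchost', 'System', 'lsass', 'services')
    )
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

    Get-NetTCPConnection -State Established, Listen | ForEach-Object {
        $p = $procs[[int]$_.OwningProcess]
        $remote = $_.RemoteAddress
        # Private, loopback and unspecified addresses are "local"; anything else is external.
        $isLocal = $remote -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.|0\.0\.0\.0$|::)'
        $reasons = @()
        if ($_.State -eq 'Established' -and -not $isLocal) { $reasons += 'external remote address' }
        if ($_.RemotePort -in $WatchPorts -or $_.LocalPort -in $WatchPorts) { $reasons += 'watched port' }
        if ($p -and $p.Path -and $p.Path -notlike "$env:SystemRoot\*" -and
            $p.Path -notlike "$env:ProgramFiles\*") { $reasons += 'binary outside Windows/Program Files' }
        if ($_.State -eq 'Listen' -and $p -and $p.ProcessName -notin $TrustedListeners) { $reasons += 'unexpected listener' }
        [pscustomobject]@{
            Local   = "$($_.LocalAddress):$($_.LocalPort)"
            Remote  = "${remote}:$($_.RemotePort)"
            State   = $_.State
            PID     = $_.OwningProcess
            Process = if ($p) { $p.ProcessName } else { '?' }
            Path    = if ($p) { $p.Path } else { '' }
            Flags   = $reasons -join '; '
        }
    }
}

# Flagged rows first, so the Telnet/Netcat style entries stand out at the top.
$report = Get-ConnectionReport
$report | Sort-Object { $_.Flags -eq '' } | Format-Table -AutoSize
# The article's "get rid of it" step, left as a manual decision:
# $report | Where-Object Flags | ForEach-Object { Stop-Process -Id $_.PID -Confirm }
```

Unlike TCPView, PowerShell has no cmdlet to close a single TCP connection while leaving the process running, which is why the response line stops the owning process instead and asks for confirmation first.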