How to Know if You Are Infected with RATs or Keyloggers
In this post I am going to show you how to find out whether you are infected with a RAT (Remote Administration Tool) or a keylogger without using any complex tools. Most of you probably know that a RAT needs a network connection to receive its commands and a keylogger needs one to send its logs home. That does not mean an offline machine is safe: a keylogger keeps recording to a local file and uploads it the next time you connect, and a RAT simply waits until it can reach its controller. Being offline limits what the attacker can do right now, but it does not tell you whether you are infected. So, for those who have an internet connection and think they may be infected with a Trojan, here is a little guide that can help.
1. Every running program has its own process, which you can see in Task Manager. The first thing to do is find out which process the Trojan is running as. If you see a process you do not recognise, search for its name on Google. Be aware that malware authors usually hide behind a legitimate Windows name such as svchost.exe, so the name alone proves nothing. What gives it away is where it runs from and who started it: the real svchost.exe lives in C:\Windows\System32 and is started by services.exe, so a svchost.exe running from your user profile or a Temp folder, or with a parent other than services.exe, is suspicious.
2. If you cannot find it that way, the next thing to do is use the command prompt (Start ---> Accessories ---> Command Prompt; right-click it and choose Run as administrator, because one of the netstat options below needs it).
3. Once the command prompt is open, use this command:
netstat -an | find /i "listening"
Note: netstat shows you which ports are open or in use on your own machine; it is NOT a port scanning tool!
What does this command do? It lists every TCP socket on your machine that is waiting for incoming connections, which is how a RAT that opens a backdoor port exposes itself. Check for any listening port you cannot explain. Add -o to also print the PID of the process that owns each socket:
netstat -ano | find /i "listening"
4. You can skip step 3 if you want and do this instead. Open the command prompt as administrator and type:
netstat -bo
This shows the active connections together with the executable that created each one (-b, which is the option that needs administrator rights) and its PID (Process Identifier, -o). Netstat does not show packets; what it shows is the state of each connection. Look for entries in the SYN_SENT or ESTABLISHED state, note the foreign address they are connecting to, the process they belong to and the ports in use. Most RATs connect out from the victim to the attacker (a reverse connection), so an outbound connection to an address you do not recognise on an odd port is the typical sign. Treat it as a lead, not proof: confirm the address and the process before you conclude you have been backdoored.
5. Go to Task Manager. At the top, click View ---> Select Columns ---> tick PID (Process Identifier). (On Windows 8 and later the PID column is on the Details tab.) Match the suspicious PID from step 4 with the process in Task Manager and check its image path: right-click the process ---> Open File Location shows you where it runs from.
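The same check that steps 1 to 5 describe by hand, as an added example in PowerShell (this is not code from the original post). It reads netstat -ano, looks up each PID's image path, parent process and code signature, and flags the things the steps above say to look for: outbound connections to non-private addresses, processes running outside the Windows or Program Files directories, unsigned images, and a svchost.exe whose parent is not services.exe. The trusted directory list, the private-address pattern and the flag names are my own assumptions; adjust them for your machine.

```powershell
# Added example, not code from the original post: steps 1-5 (netstat + Task Manager)
# in one pass. Run from an elevated PowerShell prompt so every process path is readable.
# The trusted directory list and the private-address regex below are my own assumptions.

$trustedDirs = @("$env:windir\System32\", "$env:windir\SysWOW64\",
                 "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\")

function Test-PrivateAddress([string]$ip) {
    # RFC 1918, loopback, link-local, and the wildcard/unspecified placeholders netstat prints
    return $ip -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|127\.|169\.254\.|0\.0\.0\.0$|\*|::|fe80:)'
}

function Get-ProcessDetail([int]$ProcessId) {
    # What Task Manager shows with the PID column on, plus the parent process and the signer.
    # Caveat: on older Windows, catalog-signed system files can report NotSigned here,
    # so treat the path and parent checks as the stronger signal.
    $p = Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId"
    if (-not $p) { return $null }
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    $sig = 'no image path'
    if ($p.ExecutablePath) {
        $s = Get-AuthenticodeSignature -FilePath $p.ExecutablePath
        $sig = if ($s.Status -eq 'Valid') { $s.SignerCertificate.Subject } else { "UNSIGNED ($($s.Status))" }
    }
    [pscustomobject]@{
        Name = $p.Name; Path = $p.ExecutablePath; Signature = $sig
        Parent = if ($parent) { $parent.Name } else { '?' }
    }
}

$rows = foreach ($line in (netstat -ano)) {
    $f = $line.Trim() -split '\s+'
    if ($f[0] -notin 'TCP', 'UDP') { continue }            # skip headers and blank lines
    $state = if ($f[0] -eq 'TCP') { $f[3] } else { '' }    # UDP rows have no State column
    $owner = Get-ProcessDetail ([int]($f[-1]))
    $foreignIp = $f[2] -replace ':[^:\]]+$', '' -replace '^\[|\]$', ''   # strip port and IPv6 brackets
    $flags = @()
    if ($state -in 'ESTABLISHED', 'SYN_SENT' -and -not (Test-PrivateAddress $foreignIp)) { $flags += 'connects-out' }
    if ($owner -and $owner.Path -and
        -not ($trustedDirs | Where-Object { $owner.Path.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })) {
        $flags += 'odd-path'
    }
    if ($owner -and $owner.Signature -like 'UNSIGNED*') { $flags += 'unsigned' }
    if ($owner -and $owner.Name -eq 'svchost.exe' -and $owner.Parent -ne 'services.exe') { $flags += 'fake-svchost' }
    [pscustomobject]@{
        Proto = $f[0]; Local = $f[1]; Foreign = $f[2]; State = $state; PID = $f[-1]
        Process = if ($owner) { $owner.Name } else { '?' }
        Parent  = if ($owner) { $owner.Parent } else { '?' }
        Signer  = if ($owner) { $owner.Signature } else { '' }
        Path    = if ($owner) { $owner.Path } else { '' }
        Flags   = $flags -join ','
    }
}

# Flagged rows first; anything with 'connects-out' plus 'odd-path' or 'unsigned' deserves a close look.
$rows | Sort-Object { $_.Flags.Length } -Descending |
    Format-Table -AutoSize Proto, Local, Foreign, State, PID, Process, Parent, Signer, Flags, Path
```

A flag is a reason to investigate, not a verdict: plenty of legitimate software runs unsigned from the user profile and talks to public addresses. The combination that matters is a process you did not install, running from an odd location, holding an outbound connection you cannot explain.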
Most RATs set themselves to start automatically with Windows. How do you find and remove them from startup?
a) Open regedit and go to
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
On the right-hand side, look for the process name or path you found in step 4. If it is not there, check
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
and the RunOnce key next to each of them (on 64-bit Windows also HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run).
OR
Open the command prompt and type start msconfig. Go to the Startup tab, where the same entries are listed (on Windows 8 and later this tab sends you to Task Manager's Startup tab instead).
Deleting the Run entry only stops the program from starting; it does not remove the file. Note the path from the entry and delete or quarantine that file too, and remember that malware can also persist as a service or a scheduled task, which neither of these views shows. If you do find a RAT or keylogger, change your passwords from a clean machine, because the attacker has had access to everything you typed.
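The regedit and msconfig startup check above as an added PowerShell example (not code from the original post). It lists every value under the Run and RunOnce keys for HKLM and HKCU, the 32-bit view on 64-bit Windows, and the two Startup folders, resolves each command line to the executable it launches, and reports whether that file exists and who signed it. Remove-StartupEntry and its name are my own addition; it removes one autostart value with a confirmation prompt and deliberately leaves the file on disk for you to deal with.

```powershell
# Added example, not code from the original post: the regedit / msconfig startup check
# as a script. Run as administrator to read the HKLM keys. Remove-StartupEntry is my own
# helper; nothing is deleted unless you call it yourself.

$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$startupFolders = @([Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup'))

function Get-ExecutableFromCommand([string]$cmd) {
    # A Run value is a full command line, e.g.  "C:\Tools\app.exe" /silent  or  C:\Tools\app.exe /silent
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd.Trim())
    $exe = ($cmd -split '\s+')[0]
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        $exe = if ($end -gt 1) { $cmd.Substring(1, $end - 1) } else { $cmd.TrimStart('"') }
    }
    if ($exe -and -not [IO.Path]::IsPathRooted($exe)) {
        # bare names like rundll32.exe resolve through PATH, the same way Windows starts them
        $found = Get-Command $exe -ErrorAction SilentlyContinue
        if ($found) { $exe = $found.Path }
    }
    return $exe
}

function Get-FileSigner([string]$path) {
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { return 'MISSING FILE' }
    $s = Get-AuthenticodeSignature -FilePath $path
    if ($s.Status -eq 'Valid') { return $s.SignerCertificate.Subject }
    return "UNSIGNED ($($s.Status))"
}

function Get-StartupEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
            # skip the provider metadata Get-ItemProperty adds; only real registry values remain
            if ($prop.Name -in 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider') { continue }
            $exe = Get-ExecutableFromCommand ([string]$prop.Value)
            [pscustomobject]@{ Location = $key; Name = $prop.Name; Command = $prop.Value
                               Executable = $exe; Signer = Get-FileSigner $exe }
        }
    }
    foreach ($folder in $startupFolders) {
        foreach ($file in (Get-ChildItem -LiteralPath $folder -File -ErrorAction SilentlyContinue)) {
            [pscustomobject]@{ Location = $folder; Name = $file.Name; Command = $file.FullName
                               Executable = $file.FullName; Signer = Get-FileSigner $file.FullName }
        }
    }
}

function Remove-StartupEntry([string]$Location, [string]$Name) {
    # Removes one registry autostart value after confirmation. Note the Executable path first and
    # quarantine or delete that file separately; removing the entry alone leaves the malware on disk.
    Remove-ItemProperty -Path $Location -Name $Name -Confirm
}

Get-StartupEntries | Format-Table -AutoSize Location, Name, Executable, Signer
```

An entry whose executable is missing, unsigned, or sitting in a Temp or AppData folder is the one to compare against the PID you found with netstat. Once you know which entry it is, for example `Remove-StartupEntry -Location 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -Name 'updater'`, where 'updater' is only a placeholder for the value name you found.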
I hope this tutorial was easy to follow and comprehensive.
Friday, 13 July 2012