This simple guide will show you how to use netstat to check whether you are infected with a RAT.
Today I am going to show you how to check if you're infected with a RAT using netstat.
This is a very simple trick to check if you're infected, but I can't guarantee that it is 100% reliable.
Here we go
Step 1 – Task Manager
1. Open Task Manager by pressing CTRL+ALT+DEL at the same time.
2. Then go to the process column and click "View" > "Select columns", as in the image below.
3. Check the first one, PID (Process Identifier).
4. Now we will sort Task Manager by PID, as in the image below. This will make things easier to read in the next step.
That is the end of the Task Manager step.
Step 2 – Netstat
1. Now we need to open Command Prompt (CMD) by pressing Windows Key+R (the Windows key is the one with the Windows logo on your keyboard).
2. The Run window will pop up. Type in CMD and press ENTER. The Command Prompt will now show up.
3. Type netstat -ano. It should look similar to the picture below:
Only look for ESTABLISHED connections (a connection would be established if it's a RAT or something malicious), read the PID, and cross-check it in Task Manager. Notice in my example that the only established connections use PID 424. Let's take a look at what that is:
As we can see, it's Firefox. Now let's say you notice the PID belongs to something like svchost.exe. You should open the file location by right-clicking it and pressing Open File Location, and either scan the file with VirusTotal or check whether it is in its legitimate location (if it is svchost.exe and it is in AppData or Program Files, then you may have a problem).
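The cross-check from Step 2 as a script, added here as an example that is not part of the original guide: it parses `netstat -ano` output, keeps the ESTABLISHED connections, groups them by PID, and flags an svchost.exe image that sits outside the Windows system folders. The netstat text and the PID-to-path map are constructed samples; skipping loopback connections and treating `C:\Windows\System32` and `C:\Windows\SysWOW64` (default install path) as the expected folders are assumptions that go beyond the guide.

```python
import ntpath
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not taken from the guide).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:49701        127.0.0.1:49702        ESTABLISHED     424
  TCP    192.168.1.20:49731     203.0.113.10:443       ESTABLISHED     424
  TCP    192.168.1.20:49802     198.51.100.7:8080      ESTABLISHED     3116
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Constructed PID -> executable path map, standing in for "Open File Location".
SAMPLE_PATHS = {
    424: r"C:\Program Files\Mozilla Firefox\firefox.exe",
    3116: r"C:\Users\alice\AppData\Roaming\svchost.exe",
}

LOOPBACK = ("127.", "[::1]")
# Assumption: Windows is installed in C:\Windows.
SVCHOST_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

def established(netstat_text):
    """Return {pid: [remote endpoint, ...]} for non-loopback ESTABLISHED TCP rows."""
    by_pid = defaultdict(list)
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows have 5 fields; UDP rows have no State column and are skipped.
        if len(f) != 5 or f[0] != "TCP" or f[3] != "ESTABLISHED":
            continue
        if f[2].startswith(LOOPBACK):
            continue
        by_pid[int(f[4])].append(f[2])
    return dict(by_pid)

def review(netstat_text, paths):
    """Pair each PID with its image path; flag svchost.exe outside its usual folders."""
    rows = []
    for pid, remotes in sorted(established(netstat_text).items()):
        path = paths.get(pid, "")
        folder, image = ntpath.split(path.lower())
        suspicious = image == "svchost.exe" and folder not in SVCHOST_DIRS
        rows.append((pid, path or "unknown", remotes, suspicious))
    return rows

if __name__ == "__main__":
    for pid, path, remotes, suspicious in review(SAMPLE_NETSTAT, SAMPLE_PATHS):
        print(pid, path, ", ".join(remotes), "<-- check this file" if suspicious else "")
```

A flagged row is a prompt to inspect and scan the file, as the guide describes; an unflagged row is not proof that the process is clean.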