Windows 7: using the netstat command to find Trojans

  

In Windows 7, how can we quickly find a Trojan lurking in the system? With anti-virus software, a Trojan firewall, or a security suite? In fact, there is no need to go to that much trouble: with a single command, netstat (which can also be used in Windows XP and Vista), you can determine whether the system has a Trojan by examining its network connections. Is the netstat command really that powerful? Let's take a look.
With the netstat command, the Trojan has nowhere to hide

netstat is a DOS command and a very useful tool for monitoring TCP/IP networks. It can display the routing table, the actual network connections, and the status information of each network interface device. It also displays statistics for the IP, TCP, UDP, and ICMP protocols, and is generally used to check the network connections on each port of the machine. Simply put, the netstat command shows the connections between the current computer and the network. So what does this have to do with detecting Trojans? Because a Trojan communicates with the outside world, it needs to open a port, and that port can be detected by the netstat command. In addition, netstat can be run with different parameters to achieve better detection results, and it can even be combined with other commands to end the Trojan's process and put the Trojan out of action.

Using the netstat command

Click the “Start” menu → “Run”, enter “cmd” to open the “Command Prompt”, then type the command “netstat -an” and press Enter. This command shows all IP connections involving the local computer. Its output has four parts: Proto (connection method), Local Address (the local address of the connection), Foreign Address (the address that has established a connection with the local machine), and State (the current port status). With the details this command provides, we can fully monitor the connections on the computer and so keep control of it. This command is usually enough on its own, and we can also run more checks by adding some parameters.

Ending the Trojan process with the netstat command

Let's try to end the Trojan process by combining netstat with other commands. Enter the following command: netstat -an -o and press Enter. The -o parameter displays the process ID associated with each connection, that is, the PID value of the process. The PID value is shown after each listed network connection. If you find a suspicious network connection, record its PID value.
Press “Ctrl” + “Shift” + “Esc” to open “Task Manager”, click the “View” menu → “Select Columns”, check the “PID (Process Identifier)” option, and click OK. Then switch to the “Processes” tab and find the corresponding process in “Task Manager” by the PID value you just noted. If you are unfamiliar with the process, Windows 7's Task Manager shows a description of it, and from that description we can judge whether the process is safe.
If you are sure that there is a problem with the process, we can use the “Taskkill” command to end it. Go back to the “Command Prompt” and enter the command “Taskkill /pid 1234”, where 1234 is the PID value of the dangerous process. Once the Trojan's process has ended, we can use anti-virus software to scan for and remove the Trojan.
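
The first half of this procedure (list connections with their PIDs, then pick out the ones worth looking up in Task Manager) can be scripted. The following Python code is an added example, not part of the original article: it parses saved `netstat -an -o` output and groups established connections to non-local addresses by PID. The sample output, the function names, and the rule for what counts as "non-local" are assumptions of this example.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of English-language `netstat -an -o` output (not from the article).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:8899           0.0.0.0:0              LISTENING       1234
  TCP    127.0.0.1:5354         127.0.0.1:49160        ESTABLISHED     1500
  TCP    192.168.1.20:49170     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49201     203.0.113.45:8080      ESTABLISHED     1234
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5355           *:*                                    1108
"""
# Assumption of this example: loopback, RFC 1918 and link-local peers are "local".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fe80::/10")]

def split_endpoint(endpoint):  # 'host:port' or '[v6%zone]:port' -> (host, port)
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port

def parse_netstat(text):
    """Return one dict per TCP/UDP row; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue  # header, blank line, or output produced without -o
        rows.append({"proto": f[0], "local": f[1], "foreign": f[2],
                     "state": f[3] if len(f) == 5 else "", "pid": int(f[-1])})
    return rows

def is_external(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # '*' in UDP rows
        return False
    return not ip.is_unspecified and not any(ip in n for n in LOCAL_NETS)

def pids_to_review(rows):
    """Map PID -> established connections to non-local peers, for lookup in Task Manager."""
    hits = defaultdict(list)
    for r in rows:
        if r["state"] == "ESTABLISHED" and is_external(split_endpoint(r["foreign"])[0]):
            hits[r["pid"]].append(r["foreign"])
    return dict(hits)

if __name__ == "__main__":
    print(pids_to_review(parse_netstat(SAMPLE)))
```

A PID listed here is only a candidate for the Task Manager lookup described above; browsers and update services will show up in the same way.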
