Rooting Out Zombies
If you are a regular visitor to these pages you should know all about the current epidemic of zombification. For those of you that missed it, this is when a PC is hijacked and used with other PCs to spread Spam and viruses. Some experts reckon that as much as 80 percent of Spam could be coming from zombie PCs, working together in so-called ‘botnets’.
Some of these infections, which often hide in downloaded software called a ‘rootkit’, are extremely devious and may not show up on a routine anti-virus scan, so how can you tell if you have been infected? It’s not easy, but if you know your way around Windows, a built-in utility called Netstat can help by displaying all of the attempts to use your PC’s network and Internet connections. To fire it up, go to Run on the Start menu and type ‘cmd’ (without the quotes). This opens a DOS-like window; at the flashing prompt type ‘netstat -an’ (again, no quotes) and the list of connections appears. It probably won’t mean much to you, but check the list of ‘Foreign’ IP addresses, as this is where the rootkit infection will show its hand.
If you are not sure what to look for, a free Microsoft utility called TCPView provides a slightly more informative insight into what’s going on. If you right-click on an item and select Properties, it will tell you something about the ‘Process’ and what program it belongs to; if you don’t recognise the name, try Googling it.
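As an added example (not part of the original article), this Python script automates the Netstat check described above: it reads the text Netstat prints, drops listening sockets and local destinations, and lists the ‘Foreign’ addresses that remain alongside the owning process ID. It assumes the output of ‘netstat -ano’ (the extra ‘o’ adds the PID column); the sample output, the function names and the rule that repeated connections to port 25 (mail) deserve a closer look are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed `netstat -ano` output: documentation-range addresses, made-up PIDs.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:5354         127.0.0.1:49160        ESTABLISHED     1420
  TCP    192.168.1.20:49201     192.168.1.1:80         ESTABLISHED     2216
  TCP    192.168.1.20:49733     198.51.100.7:443       ESTABLISHED     2216
  TCP    192.168.1.20:50112     203.0.113.25:25        ESTABLISHED     3908
  TCP    192.168.1.20:50113     203.0.113.40:25        SYN_SENT        3908
  TCP    192.168.1.20:50114     198.51.100.90:25       ESTABLISHED     3908
  UDP    0.0.0.0:5353           *:*                                    1420
"""

# Destinations that never leave the PC or the home network.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::/128", "::1/128", "fe80::/10")]

def external_connections(netstat_text):
    """Return (foreign_ip, port, state, pid) for TCP rows reaching a non-local address."""
    rows = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] == "LISTENING":
            continue  # header, UDP rows (no State column) and listening sockets
        host, _, port = parts[2].rpartition(":")
        try:
            ip = ipaddress.ip_address(host.strip("[]"))  # IPv6 is shown in brackets
            port, pid = int(port), int(parts[4])
        except ValueError:
            continue  # foreign address or PID that cannot be parsed
        if not any(ip in net for net in LOCAL_NETS):
            rows.append((str(ip), port, parts[3], pid))
    return rows

def smtp_heavy_pids(rows, threshold=3):
    """PIDs with at least `threshold` outbound connections to port 25 (SMTP).
    Assumption: a desktop PC that is not a mail server has no reason to do this."""
    counts = Counter(pid for _, port, _, pid in rows if port == 25)
    return sorted(pid for pid, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    found = external_connections(SAMPLE)
    print(*found, sep="\n")
    print("PIDs with repeated port-25 traffic:", smtp_heavy_pids(found))
```

To check a real PC, pass the saved output of ‘netstat -ano’ to external_connections() in place of SAMPLE, then look up any reported PID in TCPView or Task Manager.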