How to ensure your computer is not part of a botnet ?

sojuhasu

Member
Feb 17, 2010
Situation:
A Windows box (mine is Windows 7 and Linux Mint) that has been used for some time with Windows Firewall, Avast Antivirus and Ad-Aware always active.
You use the box for everything from gaming to shopping. Since you are not sure whether the box is (mostly) secure, you want to increase the confidence level that your box is secure. Yet you do not want to have to reinstall everything.

Is there a good combination of programs that can detect not only trojans, spyware and viruses but also whether your box has in fact been rooted and is part of a botnet?

Costas Athan

Senior member
Sep 21, 2011
Well, something must infect a PC for it to become part of a botnet. So the usual protection programs must do the job.

Also you can check active connections with a firewall and see if anything is out of order. Additionally run a full computer scan with an antivirus (with rootkit detection) after booting Windows in safe mode.

Finally, analyze your system with HijackThis and check the log file here ==> http://www.hijackthis.de/.

Modelworks

Lifer
Feb 22, 2007
The easiest way to find out if the network has been compromised is to watch the ports on the PC for a time. You can do it with tools like those from Sysinternals.

Costas Athan

Senior member
Sep 21, 2011
Or just start CMD as an administrator and run the command netstat with the -b flag after it:

Code:
netstat -b

Many firewalls also show the active connections. I use COMODO Firewall. Under the Firewall section you can click "View Active Connections" in order to launch the relevant window.

SecurityTheatre

Senior member
Aug 14, 2011
While this is good advice, it is mind-boggling to most people how many active connections various programs maintain. Programs like Firefox and Internet Explorer regularly make connections to various servers, often your graphics card plugins may do the same, as well as many software packages that have tray icons or automatic updates. It can be a bit challenging to sort out the various connections from a netstat command.

The Sysinternals programs have the advantage of being much clearer about which process is holding which port and can do some of the work in helping you visualize the potential problems.

Costas Athan

Senior member
Sep 21, 2011
If you run netstat with the -b flag, it will give the name of the related process that has initiated the connection, though not necessarily organized by the process name.
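An added example, not posted by anyone in this thread: a small Python script that parses the text printed by netstat -b and regroups the connections by owning executable, then lists only the established remote endpoints per process so the output is short enough to review. The netstat output and the process names (updater.exe etc.) are constructed for the example and were not captured from a real machine; the owner-line layout follows what Windows prints (connection first, owner in square brackets on a following line).

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -b` output; process names are made up.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.5:49152      93.184.216.34:443      ESTABLISHED
 [firefox.exe]
  TCP    192.168.1.5:49153      93.184.216.34:443      ESTABLISHED
 [firefox.exe]
  TCP    192.168.1.5:49160      198.51.100.7:6667      ESTABLISHED
 [updater.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    192.168.1.5:49170      203.0.113.9:443        ESTABLISHED
 Can not obtain ownership information
  UDP    0.0.0.0:5355           *:*
 [svchost.exe]
"""

CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")
OWNER_RE = re.compile(r"^\s*\[(.+)\]\s*$")

def group_by_process(text):
    """Return {process_name: [(proto, local, foreign, state), ...]}.
    netstat -b prints the connection line first and the owning executable
    on a later line in brackets (service component names may sit between),
    so connections are buffered until their owner line appears."""
    groups, pending = defaultdict(list), []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, foreign, state = m.groups()
            pending.append((proto, local, foreign, state or ""))
            continue
        m = OWNER_RE.match(line)
        if m or "Can not obtain ownership information" in line:
            groups[m.group(1) if m else "(unknown owner)"].extend(pending)
            pending = []
    if pending:  # trailing connections with no owner line at all
        groups["(unknown owner)"].extend(pending)
    return dict(groups)

def established_remotes(groups):
    """Per process, the distinct foreign endpoints of ESTABLISHED TCP
    connections; listeners and wildcard peers are dropped so the list
    is short enough to eyeball, which is the difficulty raised above."""
    out = {}
    for proc, conns in groups.items():
        remotes = sorted({f for p, _, f, s in conns if p == "TCP" and s == "ESTABLISHED"})
        if remotes:
            out[proc] = remotes
    return out

if __name__ == "__main__":
    for proc, remotes in established_remotes(group_by_process(NETSTAT_SAMPLE)).items():
        print(f"{proc}: {', '.join(remotes)}")
```

On a real machine, pipe the command's output into the script (for example `netstat -b > conns.txt` from an administrator prompt, then read that file instead of the sample); a process you do not recognise holding connections to addresses you cannot account for is the thing to look into with the Sysinternals tools mentioned above.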