New viruses and Trojans are created every day. Even if an anti-virus program with regularly updated databases is installed on the computer, this does not guarantee complete protection against malicious software. In many cases, the user has to check the computer for spyware himself.
Instructions
Step 1
One of the main characteristics of spyware is its stealthiness. Many users realize that a computer is infected only after losing confidential information. In order not to be among them, carefully monitor everything that happens on your computer. Any incomprehensible events, even the smallest ones, may indicate the presence of a Trojan program on the computer.
Step 2
Sometimes a message from the firewall stating that some unfamiliar program is trying to connect to the network helps to find the Trojan. In this case, find out where its file and autorun key are located. This can be done using the AnVir Task Manager program - it is very convenient for diagnosing a computer. Run it, open the "Processes" tab. You will see a list of processes with an indication of their danger and information about the location of files and startup keys.
Step 3
Open Registry Editor: "Start" - "Run", enter the command regedit and click "OK". Using the information of the AnVir Task Manager program, find the autorun key. Then open the folder where the program file is located and find it. Now in the AnVir Task Manager program, stop the Trojan process - select it with the mouse and click the "End Process" button. After that, delete the program file and startup key.
Step 4
Many Trojans do not manifest themselves in any way during operation. To check your computer for their presence, periodically look through the list of trusted firewall applications - one of the ways to "legalize" a Trojan is to add its process to this list. Better yet, check the corresponding lines in the registry: HKLMSystemCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList.
Step 5
To check network connections, open the command line: "Start" - "All programs" - "Accessories" - "Command line" Processes ", type the command netstat –aon and press Enter. You will see a list of network connections. Active connections will be marked as Established. In the column "Local address" you can see the port of your computer used for this connection. The "External address" column will contain the ip-address of the remote computer from which the connection is made.
Step 6
The Listening state indicates that the program is waiting for a connection. The Close_Wait line says that the connection has already been closed. Carefully review the list of processes that connect to the Internet; among them there may be processes of Trojans.
Step 7
If some of the processes are unfamiliar to you, find out their purpose. To do this, pay attention to the PID - the process identifier in the last column. In the same place, in the command line, type the tasklist command - you will see a list of all processes in the system with their identifiers. Find the PID you need in this list - you will find out the name of the process. To get all the rest of the information, use the AnVir Task Manager program already mentioned above.
Step 8
One of the most dangerous spyware programs are keyloggers, which can steal keyboard input such as credit card numbers, expiration dates, and security codes. Many keyloggers are detected by antiviruses and firewalls, there are also good utilities for finding them - for example, AVZ. Check your computer regularly with similar programs.
Step 9
Do not forget that it is very, very difficult to detect a well-crafted Trojan horse. Therefore, the best way to protect yourself from computer espionage is to comply with security rules. Do not store confidential data in the clear, it is better to pack it in an archive and put a password on it. Never save account passwords in your browser, always enter them by hand. For purchases on the Internet, get a separate bank card with a small amount on it or use virtual cards.
