How To Guides Org

Cybersecurity Awareness: How to use netstat (-b) to check for spyware

Today, we want to take a closer look at the command netstat. You can use netstat -b to check for spyware and viruses. Here’s how.

Via Command Prompt

Built-in Windows tools are more powerful than you think. Learning to master cmd and PowerShell will get you a long way before you even have to consider external third-party tools.

1. Step Open an elevated command prompt

2. Step Enter netstat -b

3. Step Next, you will get a list of all processes that have active connections.

4. Step Stop! Don’t freak out! Yes, it is very normal that there are so many connections. For example, if you use Google Chrome and visit Google.com, you might see something like: ber01s02-in-f106:http

A connection like “ber01s02-in-f106:http” belongs to 209.85.149.103 (Google). The host resolves to ber01s02-in-f103.1e100.net, which is apparently a Google domain.

Checking Processes

5. Step Check all entries for a process with an executable name that you don’t know. For example, if there is a process called “ioveyou.exe” or something really strange, it’s most likely a virus. Also, keep in mind that many viruses use names very similar to legitimate ones, e.g. they could be called svhost.exe instead of svchost.exe. Read carefully!
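The name check from step 5 can be automated. The following is an added example, not part of the original guide: it parses saved `netstat -b` output and flags executables whose names are one or two characters away from a well-known Windows process name. The sample output, the `KNOWN` list and all function names are assumptions made for illustration.

```python
import re
# Constructed sample of `netstat -b` output; only the Chrome row mirrors the guide.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:49712     ber01s02-in-f106:http  ESTABLISHED
 [chrome.exe]
  TCP    192.168.1.10:49720     203.0.113.7:https      ESTABLISHED
  WpnService
 [svchost.exe]
  TCP    192.168.1.10:49801     198.51.100.23:8443     ESTABLISHED
 [svhost.exe]
  TCP    192.168.1.10:49850     192.0.2.44:https       TIME_WAIT
 Can not obtain ownership information
"""
# Assumption: a short reference list of common Windows process names.
KNOWN = ["svchost.exe", "lsass.exe", "explorer.exe", "services.exe", "winlogon.exe"]

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def parse_netstat_b(text):
    """Return (proto, local, remote, state, exe) tuples; exe is None if not shown."""
    rows, pending = [], None
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0] in ("TCP", "UDP"):
            if pending:
                rows.append(pending + (None,))  # previous row had no [exe] line
            pending = tuple((parts + [""])[:4])  # UDP rows have no State column
        elif pending and (m := re.fullmatch(r"\s*\[(.+)\]\s*", line)):
            rows.append(pending + (m.group(1),))  # service-name lines are skipped
            pending = None
    return rows + ([pending + (None,)] if pending else [])

def lookalikes(rows, max_dist=2):
    """Flag executables whose name is near, but not equal to, a known name."""
    return [(exe, known, remote)
            for _p, _l, remote, _s, exe in rows if exe and exe.lower() not in KNOWN
            for known in KNOWN if edit_distance(exe.lower(), known) <= max_dist]

if __name__ == "__main__":
    print(lookalikes(parse_netstat_b(SAMPLE)))
```

A hit is a reason to look at where the file is stored and whether it is signed, not a verdict by itself.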

As you can see, you can use netstat to find spyware quite easily. It is worth digging further into netstat: it’s a really handy tool that tells you a lot about what is going on in the background and which connections are currently established on your PC.

I also recommend getting a network monitor script to monitor your network traffic.
