Post: Tutorial: Checking For Keyloggers/etc.
10-22-2011, 07:04 PM #1
Arkizy
Haxor!
Very brief explanation for users using Windows.
Fine print: This is for educational purposes only,
though I doubt you could use it with malicious intent.
Furthermore, this is only to be used for the detection of malicious programs that utilize a connection to the internet. (Keyloggers, specific types of Trojans, etc.)
It's also not used to remove said programs.
This is just to prevent people making "OMG AM I KEYLOGGED" threads constantly.

To find Keyloggers (as well as any other malicious program accessing the internet),
It's usually not as simple as just opening your Task Manager and finding the process.
Nor is it as easy as running a virus scan.
The fact of the matter is that if a hacker wants their activity to be undetectable,
you will not see it.
That's all there is to it.
Hackers can use complex methods of hiding files/processes from such tools to make this sort of 'quick fix' impossible.
Though it may be possible with that kid down the block that gave you a Keylogger to mess with you, it's not possible with an educated hacker.

To avoid this,
there are several ways to figure out if someone has unauthorized access over your client.
The easiest being as follows:

Do this once
BEFORE YOU CONNECT TO THE INTERNET IN ANY WAY.

Press the start menu button.

Click "Run". (Windows 7 may not have this by default. Just search it in your "Search programs and files" bar.)

Type "Cmd", and run it.

You should now be in a Command Prompt.

Now enter: netstat -arn

Press enter.

You should now see a list of numbers under "Network Address, Netmask, Gateway Address, Interface, Metric".

Network Address   Netmask           Gateway Address   Interface   Metric
127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1   1
255.255.255.255   255.255.255.255   255.255.255.255   0.0.0.0     1

If it doesn't look something like that,
And you're not connected to the internet...
Your computer is infected.

If it does, move on.

Next, connect to the internet.
Repeat the "netstat -arn" command mentioned earlier.

You should now see numbers under "Network Destination, Netmask, Gateway Address, Interface, Metric"

If it doesn't list only the network addresses used by your ISP...
You're infected.

As a rule of thumb, it should be something like:

Network Destination   Netmask           Gateway Address   Interface      Metric
0.0.0.0               0.0.0.0           216.1.104.70      216.1.104.70   1
127.0.0.0             255.0.0.0         127.0.0.1         127.0.0.1      1
216.1.104.0           255.255.255.0     216.1.104.70      216.1.104.70   1
216.1.104.70          255.255.255.255   127.0.0.1         127.0.0.1      1
216.1.104.255         255.255.255.255   216.1.104.70      216.1.104.70   1
224.0.0.0             224.0.0.0         216.1.104.70      216.1.104.70   1
255.255.255.255       255.255.255.255   216.1.104.70      216.1.104.70   1

If you see something odd listed here... It's bad.

In the next section you are going to close every program you have using the internet.
You're now going to open up your Command Prompt and type: netstat -an
The only IP listed here after you close everything accessing the internet should be the one assigned to you by your ISP.
If there are any other IPs listed here...
You're infected.

Rule of thumb... Should look like this:

Protocol   Local Address      Foreign Address   State
TCP        0.0.0.0:0          0.0.0.0:0         LISTENING
TCP        216.1.104.32:120   0.0.0.0:0         LISTENING
TCP        216.1.104.32:121   0.0.0.0:0         LISTENING
TCP        216.1.104.32:122   0.0.0.0:0         LISTENING
UDP        216.1.104.32:123   *:*

Listed here, 216.1.104.32... The bolded part will almost always change.
Consider that number your "Session ID".

Last, Go back into your Prompt.
Type in, again: netstat -arn
Look for "Interface list".
You should now see all your active network adapters.
Assuming you still have all your programs closed,
you should only see the net adapters normally used by your computer.
(And possibly a Teamviewer VPN assuming you use Teamviewer. It doesn't like to close its net adapter sometimes.)

If you see something your computer obviously doesn't use normally,
(Assuming you don't know how to use your control panel to find the network adapters manually) Google is your friend.
Chances are that if it's utilizing half of your network connection with everything closed...
It's probably not friendly.
Now, that step won't usually show anything odd,
Even if you have a virus.
So, I won't go so far as to say you're not infected yet.

The last step... Obviously: Run a virus scan.
Hackers are able to hide viruses from these scans using very simple methods.
Naturally though, you can't hide from everything.
The more Anti-virus programs you have,
the better the chance of picking something up. (Seriously. It may be annoying, but if you're security conscious, it's a must.)

That concludes this installment of "Stop Failing 101".

Embrace the System.

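The three netstat checks in the post above (routing table before and after connecting, then the socket list with everything closed) can be scripted so the comparison is a diff against a saved baseline rather than an eyeball of the numbers. The block below is an added example written for this page, not Arkizy's own code: the `netstat -rn` / `netstat -an` captures embedded in it are constructed (RFC 5737 and private addresses), the LAN address 192.168.1.37 and the baseline file name baseline.txt are assumptions, and it parses the same columns the post shows.

```python
"""Baseline-and-diff version of the netstat checks: routing table before and
after connecting, then the socket list with everything closed.
Added example for this page, not the post's own code. The captures embedded here
are constructed (RFC 5737 / private addresses); 192.168.1.37 as the LAN address
and baseline.txt as the saved-baseline file name are assumptions."""
import re
import subprocess
import sys

# Constructed `netstat -rn` capture from before connecting: loopback only.
ROUTES_BEFORE = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          127.0.0.0        255.0.0.0      127.0.0.1      127.0.0.1       1
    255.255.255.255  255.255.255.255  255.255.255.255        0.0.0.0       1
"""

# Constructed capture after connecting: the usual LAN routes plus one route that
# leaves through an adapter (10.8.0.2) that is not the LAN interface.
ROUTES_AFTER = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
            0.0.0.0          0.0.0.0    192.168.1.1   192.168.1.37      25
           10.8.0.0    255.255.255.0       10.8.0.1       10.8.0.2      30
          127.0.0.0        255.0.0.0      127.0.0.1      127.0.0.1       1
        192.168.1.0    255.255.255.0   192.168.1.37   192.168.1.37      25
       192.168.1.37  255.255.255.255      127.0.0.1      127.0.0.1      25
      192.168.1.255  255.255.255.255   192.168.1.37   192.168.1.37      25
          224.0.0.0        224.0.0.0   192.168.1.37   192.168.1.37      25
    255.255.255.255  255.255.255.255   192.168.1.37   192.168.1.37      25
"""

# Constructed `netstat -an` capture with every user program closed.
CONNS = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.37:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.37:49712     203.0.113.45:4444      ESTABLISHED
  TCP    127.0.0.1:49713        127.0.0.1:49714        ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
  UDP    192.168.1.37:137       *:*
"""

# Addresses that belong to this machine (assumed: loopback plus the LAN address).
MY_ADDRESSES = {"127.0.0.1", "192.168.1.37"}

IPV4 = r"\d+\.\d+\.\d+\.\d+"
# destination, netmask, gateway (an IP or "On-link" on newer Windows), interface, metric
ROUTE_RE = re.compile(rf"^\s*({IPV4})\s+({IPV4})\s+(\S+)\s+({IPV4})\s+\d+\s*$")
# proto, local addr, local port, foreign addr, foreign port, optional state (UDP has none)
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)(?:\s+(\S+))?\s*$")


def parse_routes(text):
    """Routes as (destination, netmask, gateway, interface) tuples; the metric is
    dropped because it changes between runs and is not what we are diffing."""
    return {m.group(1, 2, 3, 4) for m in map(ROUTE_RE.match, text.splitlines()) if m}


def unexpected_routes(before, after, known_interfaces):
    """Routes that appeared since the baseline and leave via an interface address
    we do not recognise (loopback and our own LAN address are expected)."""
    added = parse_routes(after) - parse_routes(before)
    return sorted(r for r in added if r[3] not in known_interfaces)


def parse_connections(text):
    """(proto, local_addr, local_port, foreign_addr, foreign_port, state) per socket line."""
    rows = []
    for m in map(CONN_RE.match, text.splitlines()):
        if m:
            proto, la, lp, fa, fp, state = m.groups()
            rows.append((proto, la, lp, fa, fp, state or ""))
    return rows


def remote_peers(text, allow=frozenset()):
    """TCP sessions that are not merely listening and whose peer is neither loopback
    nor on an allow list: with everything closed, each one needs an explanation."""
    peers = []
    for proto, la, lp, fa, fp, state in parse_connections(text):
        if proto != "TCP" or state == "LISTENING":
            continue
        if fa.startswith("127.") or fa.startswith("[::1]") or fa in allow:
            continue
        peers.append((fa, fp, state, lp))
    return peers


def capture(*args):
    """Run netstat on this host; only used for a live run on Windows."""
    return subprocess.run(["netstat", *args], capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    before, after, conns = ROUTES_BEFORE, ROUTES_AFTER, CONNS
    if sys.platform == "win32" and "--live" in sys.argv:
        # Save a real baseline first (`netstat -rn > baseline.txt` while offline),
        # then compare it against the live tables.
        with open("baseline.txt", encoding="utf-8") as f:
            before = f.read()
        after, conns = capture("-rn"), capture("-an")
    for r in unexpected_routes(before, after, MY_ADDRESSES):
        print("unexpected route:", *r)
    for fa, fp, state, lp in remote_peers(conns):
        print(f"remote peer {fa}:{fp} ({state}) from local port {lp}")
```

Every line it prints is a lead, not a verdict: tie the local port to a process with `netstat -ano` and `tasklist /fi "PID eq <pid>"` before deciding anything, and remember the post's own warning that a well-hidden program can keep its sockets out of what user-mode tools show you.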
10-22-2011, 07:26 PM #2
Thanks for this. According to this my computer isn't infected.
10-22-2011, 07:40 PM #3
Arkizy
Haxor!
Originally posted by Ehhx View Post
Thanks for this. According to this my computer isn't infected.


That is always good lol.

Hope this helps. :mudkip:
10-25-2011, 07:17 PM #4
Arkizy
Haxor!
Bump.........
10-25-2011, 07:45 PM #5
Cory
User needs a dick
There have been many tutorials on how to check for/remove viruses and such from your computer. This one is no different, so you may not bother "bumping" it (yes, I know I just did) as it's nothing new.
10-25-2011, 07:49 PM #6
Arkizy
Haxor!
Originally posted by Poynt View Post
There have been many tutorials on how to check for/remove viruses and such from your computer. This one is no different, so you may not bother "bumping" it (yes, I know I just did) as it's nothing new.


Okay then put 3 links to a thread like this one.
10-25-2011, 07:56 PM #7
Cory
User needs a dick
Originally posted by Arkizy View Post
Okay then put 3 links to a thread like this one.


You must login or register to view this content.
A few post down You must login or register to view this content.
You must login or register to view this content.

Need more?
10-25-2011, 07:58 PM #8
Epic?
Awe-Inspiring
Originally posted by Arkizy View Post
Okay then put 3 links to a thread like this one.


I think he meant that the technique you're presenting is rather basic, and doesn't guarantee that your computer is actually virus free, and many keyloggers wouldn't show up based on the test you perform. Furthermore, you only teach how to check for keyloggers, not how to remove it (until you reach the antivirus step). Furthermore, you only briefly touch on things like the antivirus, and spend your time talking about things that most antiviruses would perform for you.

And lastly, there are tons of tutorials (both on this site and others) that are related to virus removal (or checking for viruses), either way, its nothing really new, and the information you bring forth isn't really revolutionary.

10-26-2011, 01:14 PM #9
fill0botto95
You talkin to me?
Umm, according to this I'm infected -.- maybe it's one of the RATs I launched on my PC wrongly xD
10-27-2011, 11:59 PM #10
Pichu
RIP PICHU.
Originally posted by Epic
I think he meant that the technique you're presenting is rather basic, and doesn't guarantee that your computer is actually virus free, and many keyloggers wouldn't show up based on the test you perform. Furthermore, you only teach how to check for keyloggers, not how to remove it (until you reach the antivirus step). Furthermore, you only briefly touch on things like the antivirus, and spend your time talking about things that most antiviruses would perform for you.

And lastly, there are tons of tutorials (both on this site and others) that are related to virus removal (or checking for viruses), either way, its nothing really new, and the information you bring forth isn't really revolutionary.


He also forgot to mention that quite a few viruses actually locate themselves in areas like %AppData% where normal users generally will not search, and also areas like Temp and Program Files (they create a fake folder or place it in a Microsoft folder and name the files similarly to a real MS file to hide it).

The really good ones though will actually take the files and bind themselves with it, which then fudges shit up.

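Pichu's point about files hiding under %AppData%, Temp or a fake "Microsoft" folder while wearing a system-sounding name can be turned into a mechanical check: compare each executable's name against a list of real Windows binaries and note where it lives. The block below is an added example for this page, not code from anyone in the thread; the list of system binary names, the set of system directories (it assumes C: is the system drive) and the sample file paths are all constructed or assumed.

```python
"""Flag executables that borrow or mimic the name of a Windows system binary while
living somewhere such a binary has no business being.
Added example for this page, not part of the thread. SYSTEM_STEMS and SYSTEM_DIRS
are assumed lists (C: assumed as the system drive); SAMPLE_PATHS is constructed."""
import ntpath
import os

# Stems of some well-known Windows system executables (assumed list; extend as needed).
SYSTEM_STEMS = ("svchost", "csrss", "lsass", "smss", "winlogon", "services",
                "explorer", "conhost", "dwm", "taskhost", "spoolsv")
# Directories where those binaries legitimately live (assumes C: is the system drive).
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

# Constructed sample of paths as a directory walk might return them.
SAMPLE_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\explorer.exe",
    r"C:\Users\alice\AppData\Roaming\Microsoft\svchost.exe",
    r"C:\Users\alice\AppData\Local\Temp\scvhost.exe",
    r"C:\Program Files\Microsoft Office\svch0st.exe",
    r"C:\Users\alice\AppData\Local\Discord\Update.exe",
    r"C:\Windows\Temp\lsas.exe",
]


def osa_distance(a, b):
    """Optimal string alignment distance: insert/delete/substitute plus adjacent
    transposition, each costing 1, so 'scvhost' is one edit from 'svchost'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def classify(path):
    """Return why `path` looks disguised, or None if it does not."""
    p = path.lower().replace("/", "\\")
    name = ntpath.basename(p)
    if not name.endswith(".exe"):
        return None
    stem, directory = name[:-4], ntpath.dirname(p)
    if stem in SYSTEM_STEMS:
        # Exact system binary name: fine in the system directories, suspicious elsewhere
        # (a Temp or AppData folder, or a fake folder under C:\Windows).
        if directory in SYSTEM_DIRS:
            return None
        return f"system binary name {name} outside the Windows directories"
    for known in SYSTEM_STEMS:
        # Near miss: one character swapped, added, dropped or transposed (svch0st, scvhost, lsas).
        if osa_distance(stem, known) == 1:
            return f"{name} is one edit away from {known}.exe"
    return None


def scan(paths):
    """(path, reason) for every path classify() objects to, in input order."""
    hits = []
    for p in paths:
        reason = classify(p)
        if reason:
            hits.append((p, reason))
    return hits


def walk_executables(root):
    """Yield every .exe under `root`, for a live run on the machine being checked."""
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(".exe"):
                yield os.path.join(dirpath, f)


if __name__ == "__main__":
    import sys
    # With a directory argument, scan it for real; otherwise use the constructed sample.
    targets = list(walk_executables(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PATHS
    for path, reason in scan(targets):
        print(f"{path}: {reason}")
```

Hits are leads, not verdicts: Windows keeps legitimate copies of system binaries outside System32 (the WinSxS component store, for one), so check the signer and the parent folder of anything flagged rather than deleting it on sight.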
