Today we will discuss how to check whether your computer is infected using manual methods. It is not a foolproof method, but I can find all non-sophisticated attacks by performing the checks mentioned below.
I will be doing all these checks using the Windows command-line tool WMIC (Windows Management Instrumentation Command-line). Windows has had a proper command line since 2000, that is fifteen years now, and yet only a few people know about WMIC. Now it's time to end the secrecy and unveil the secrets of WMIC.
We can issue WMIC commands directly from the command prompt.
To start the interactive WMIC shell, type WMIC at the command prompt:
wmic
To get help on WMIC, type:
/?
Most of the time, malware writers save and run their files from the Local/Temp folders, and these files will be running at startup.
To find startup processes on the local system
To find all running processes
wmic process list full
To save the list to a file
wmic process list full >> hello.csv
To get only the required fields from the process list
wmic process get processid, commandline >> process.csv
To get the services and their state
wmic service list full | more
wmic service get name, processid, startmode, state, status, pathname >> service.csv
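The lists above are only useful once you look through them for what the post describes: processes and services whose binary runs from a Local/Temp folder. The following script is an added example, not part of the original post, that automates that check. It parses the CSV that WMIC prints with /format:csv (which the post does not use; WMIC then adds a Node column, a leading blank line and sorts the columns alphabetically) and flags process and service rows whose executable sits under a Temp or AppData folder. The hostname, PIDs and file names in the embedded samples are constructed for the example; on Windows it collects live data instead, assuming wmic.exe is on PATH.

```python
import csv
import io
import re
import subprocess
import sys

# Folders the post names as typical malware drop sites, plus the system Temp folder.
# Matched case-insensitively against the executable path. Hits are candidates for
# review, not verdicts: legitimate updaters also live under AppData\Local.
SUSPICIOUS_DIRS = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\local\\",
    "\\appdata\\roaming\\",
    "\\windows\\temp\\",
    "\\temp\\",
)

# Constructed sample of `wmic process get CommandLine,ExecutablePath,Name,ProcessId /format:csv`
# output (leading blank line, Node column, alphabetical columns). svch0st.exe is made up.
SAMPLE_PROCESS_CSV = r'''
Node,CommandLine,ExecutablePath,Name,ProcessId
HOST1,C:\Windows\Explorer.EXE,C:\Windows\explorer.exe,explorer.exe,1234
HOST1,"""C:\Users\bob\AppData\Local\Temp\svch0st.exe"" -s",C:\Users\bob\AppData\Local\Temp\svch0st.exe,svch0st.exe,4321
HOST1,,,System,4
'''

# Constructed sample of `wmic service get Name,PathName,StartMode,State /format:csv` output.
SAMPLE_SERVICE_CSV = r'''
Node,Name,PathName,StartMode,State
HOST1,Spooler,C:\Windows\System32\spoolsv.exe,Auto,Running
HOST1,EventLog,C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted,Auto,Running
HOST1,UpdaterSvc,"""C:\Users\bob\AppData\Local\Temp\updater.exe"" /svc",Auto,Running
'''


def parse_wmic_csv(text):
    """Parse WMIC /format:csv output into dicts; blank lines (WMIC prints one before
    the header and uses \\r\\r\\n line endings) are dropped first."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    return list(csv.DictReader(io.StringIO("\n".join(lines))))


def executable_from_command(cmd):
    """Extract the executable path from a command line or service PathName: a quoted
    path up to its closing quote, otherwise the text up to the first '.exe'."""
    cmd = (cmd or "").strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.exe)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def is_suspicious_path(path):
    """True when the path lies under one of the SUSPICIOUS_DIRS folders."""
    p = (path or "").lower().replace("/", "\\") + "\\"
    return any(d in p for d in SUSPICIOUS_DIRS)


def find_suspicious_processes(rows):
    """Process rows whose binary runs from a suspicious folder (falls back to the
    command line when ExecutablePath is empty, as it is for protected processes)."""
    return [r for r in rows
            if is_suspicious_path(r.get("ExecutablePath")
                                  or executable_from_command(r.get("CommandLine")))]


def find_suspicious_services(rows):
    """Service rows whose service binary runs from a suspicious folder."""
    return [r for r in rows if is_suspicious_path(executable_from_command(r.get("PathName")))]


def report(process_rows, service_rows):
    """One printable line per finding."""
    lines = [f"PROCESS pid={r['ProcessId']} name={r['Name']} cmd={r['CommandLine']}"
             for r in find_suspicious_processes(process_rows)]
    lines += [f"SERVICE name={r['Name']} start={r['StartMode']} state={r['State']} "
              f"path={executable_from_command(r['PathName'])}"
              for r in find_suspicious_services(service_rows)]
    return lines


def collect(alias, fields):
    """Run `wmic <alias> get <fields> /format:csv` on the live system (Windows only;
    assumes wmic.exe is on PATH, which recent Windows builds no longer guarantee)."""
    proc = subprocess.run(["wmic", alias, "get", ",".join(fields), "/format:csv"],
                          capture_output=True, text=True, errors="replace")
    return parse_wmic_csv(proc.stdout)


if __name__ == "__main__":
    if sys.platform == "win32":
        procs = collect("process", ["CommandLine", "ExecutablePath", "Name", "ProcessId"])
        svcs = collect("service", ["Name", "PathName", "StartMode", "State"])
    else:  # off Windows, run the checks against the constructed samples
        procs = parse_wmic_csv(SAMPLE_PROCESS_CSV)
        svcs = parse_wmic_csv(SAMPLE_SERVICE_CSV)
    for line in report(procs, svcs) or ["no processes or services running from temp folders"]:
        print(line)
```

The same parser works on any WMIC alias you query with /format:csv, so the startup list the post mentions can be fed through it the same way. Treat the output as a review list: confirm each hit by checking the file's signature, hash and parent process before acting on it.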