WMIC Tutorial

Today we will be discussing how to check whether your computer is infected using manual methods. This is not a foolproof method, but the checks below will surface most non-sophisticated infections.

I will be doing all these checks with the Windows command-line tool WMIC (Windows Management Instrumentation Command-Line), a front end to WMI. Windows has had a proper command line since 2000, fifteen years now, and yet few people know about WMIC. Now it is time to end the secrecy and unveil the secrets of WMIC.

WMIC commands can be issued directly from the command prompt.

To start the interactive WMIC shell, type wmic at the command line:

wmic

To get help on WMIC, type /? at the WMIC prompt (or wmic /? from the command prompt).

Most of the time malware writers save and run their files from the user's Local/Temp folders (%LOCALAPPDATA%, %TEMP%) and register them to run at startup, so an executable path under those folders is the first thing to look for in every listing below.

To find startup entries on the local system, query the WMIC startup alias (the Win32_StartupCommand class) with the same list/get syntax shown for processes below.

To list all running processes:

wmic process list full

To save the list to a file. Note that list full prints a key=value dump rather than CSV, so add /format:csv if you want real CSV, and use > rather than >> unless you intend to append to an existing file. Redirected WMIC output is UTF-16 text, so open it as Unicode in whatever you parse it with:

wmic process list full /format:csv > hello.csv

To get only the required fields from the process list:

wmic process get processid,commandline /format:csv > process.csv

To get services (this lists all installed services, not only running ones; add where state="running" before get if you want only those):

wmic service list full | more

or

wmic service get name,processid,startmode,state,status,pathname /format:csv > service.csv
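As an added example (not part of the original tutorial), the following Python script runs the three checks above together and automates the Local/Temp test: it parses the CSV that WMIC emits with /format:csv for the startup, process and service aliases, pulls the executable path out of each command line or service PathName, and flags anything running from a user-writable drop folder. The column choices, the host name HOST1, the user bob and every row of the embedded sample output are constructed; on a Windows box with wmic on the PATH it queries live data instead, elsewhere it runs on the samples.

```python
"""Triage WMIC CSV output: flag startup entries, processes and services
whose executable lives in a user-writable drop folder.

Added example for this tutorial, not the original author's code.
Sample rows, HOST1 and user 'bob' are constructed."""
import csv
import io
import re
import shutil
import subprocess

# Folders malware commonly drops into and runs from; tune for your estate.
SUSPICIOUS_DIR = re.compile(
    r"\\(?:appdata\\(?:local|roaming)|users\\public|windows\\temp|temp)\\",
    re.IGNORECASE,
)

# alias -> (wmic arguments, column holding the path, column used as label).
# The column choices are this example's assumption, not the tutorial's.
WMIC_QUERIES = {
    "startup": (["startup", "get", "command,location,name,user"], "Command", "Name"),
    "process": (["process", "get", "commandline,processid"], "CommandLine", "ProcessId"),
    "service": (["service", "get", "name,pathname,processid,startmode,state"], "PathName", "Name"),
}

# Constructed samples in the shape WMIC /format:csv produces: a blank line,
# then a header with the columns in alphabetical order and Node first.
STARTUP_SAMPLE = r'''
Node,Command,Location,Name,User
HOST1,"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background,HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,OneDrive,HOST1\bob
HOST1,C:\Users\bob\AppData\Local\Temp\winlogon.exe,HKU\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,WindowsLogon,HOST1\bob
'''
PROCESS_SAMPLE = r'''
Node,CommandLine,ProcessId
HOST1,C:\Windows\system32\svchost.exe -k netsvcs,912
HOST1,"C:\Program Files\Mozilla Firefox\firefox.exe",2240
HOST1,C:\Users\bob\AppData\Local\Temp\svchost.exe,4132
HOST1,"C:\Users\bob\AppData\Roaming\updater\update.exe" /silent,4188
'''
SERVICE_SAMPLE = r'''
Node,Name,PathName,ProcessId,StartMode,State
HOST1,Spooler,C:\Windows\System32\spoolsv.exe,1788,Auto,Running
HOST1,wuauserv,C:\Windows\system32\svchost.exe -k netsvcs -p,1180,Manual,Running
HOST1,SysHelper,C:\Users\Public\syshelper.exe,5120,Auto,Running
'''


def parse_wmic_csv(text):
    """Turn WMIC /format:csv text into a list of dicts keyed by column."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    return list(csv.DictReader(io.StringIO("\n".join(lines))))


def executable_from(value):
    r"""Extract the executable path from a command line or service PathName.

    Handles  "C:\Program Files\x\y.exe" /arg  and  C:\dir\y.exe /arg, and
    values whose outer quotes the CSV parser already stripped, by taking
    everything up to the first ".exe".
    """
    m = re.match(r'\s*"?([^"]*?\.exe)', value, re.IGNORECASE)
    return m.group(1) if m else value.strip()


def find_suspicious(rows, path_field, label_field):
    """Return (label, executable) pairs for rows running from a drop folder."""
    hits = []
    for row in rows:
        exe = executable_from(row.get(path_field) or "")
        if SUSPICIOUS_DIR.search(exe):
            hits.append((row.get(label_field) or "", exe))
    return hits


def run_wmic(args):
    """Run one WMIC query and return its CSV text (Windows only).

    WMIC writes UTF-16LE with a BOM when its output is not a console.
    """
    out = subprocess.run(["wmic", *args, "/format:csv"],
                         capture_output=True, check=True).stdout
    return out.decode("utf-16")


def triage(sources):
    """sources: alias -> CSV text.  Returns alias -> list of hits."""
    return {
        alias: find_suspicious(parse_wmic_csv(text), *WMIC_QUERIES[alias][1:])
        for alias, text in sources.items()
    }


if __name__ == "__main__":
    sources = {"startup": STARTUP_SAMPLE, "process": PROCESS_SAMPLE,
               "service": SERVICE_SAMPLE}
    if shutil.which("wmic"):  # live data on Windows, samples elsewhere
        sources = {alias: run_wmic(q[0]) for alias, q in WMIC_QUERIES.items()}
    for alias, hits in triage(sources).items():
        for label, exe in hits:
            print(f"[{alias}] {label}: {exe}")
```

Three caveats from practice. The path test is a heuristic: some legitimate per-user installs live under AppData\Local, so every hit still needs a look at the file's signature and hash before you call it malware. /format:csv depends on csv.xsl under %WINDIR%\System32\wbem, and on some localized installs WMIC reports an invalid XSL format until you pass the full path to that file. Finally, Microsoft deprecated WMIC from Windows 10 21H1 onward, so on current builds the same classes (Win32_StartupCommand, Win32_Process, Win32_Service) are queried with PowerShell's Get-CimInstance instead.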
