Updated on 2022-12-01 GMT+08:00

Step 3: Analyzing the Network

This section describes how to use TCPView (a Microsoft Sysinternals tool) to view the current TCP connection status of each process and identify suspicious ones. Note that TCPView itself does not flag suspicious processes: it highlights rows only by change of state (new endpoints in green, closed endpoints in red, endpoints whose state changed in yellow), so a red row means a connection that has just been closed, not a malicious process. The judgement is made using the indicators in the procedure below.

Prerequisites

You have downloaded the TCPView tool from Microsoft Sysinternals and copied it to the ECS to be analyzed.

Procedure

  1. Open the TCPView folder, right-click the Tcpview.exe file, and run it as an administrator so that the owning process of every connection is resolved. In the displayed license dialog box, click Agree.

  2. Check the TCP connection status of the target process to analyze whether it is a Trojan. Sort by the Process or State column to make the patterns easier to see.

    • If an unknown process has a large number of connections in the SYN_SENT state, the process is repeatedly trying to reach remote hosts that do not answer. This is typical of worm-style scanning of other hosts or of a Trojan trying to reach a command-and-control server, and the process should be treated as suspicious.
    • If a process connects to unusual, non-standard remote ports (for example, 6666 or 2333), or the host name that TCPView resolves in the Remote Address column contains keywords such as mine, pool, or xmr, the process may be cryptocurrency mining malware. These keywords are only indicators: confirm by checking the process path, its parent process, and its CPU usage before terminating it.

  3. (Optional) Query the remote IP addresses, host names, or URLs found in step 2 on a threat intelligence or reputation service to check whether they are known malicious addresses.
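The three indicators above can also be checked without the TCPView GUI, which is useful when many ECSs must be triaged or when a record of the check is needed. The following PowerShell script is an added example and is not part of the original page or of TCPView. It reads the live connection table with Get-NetTCPConnection, resolves the owning process and the remote host name, and then applies the same heuristics: many SYN_SENT connections from one process, connections to unusual remote ports, and resolved host names containing mining keywords. The SYN_SENT threshold (20), the port list, and the sample data at the end are assumptions chosen for illustration, not values from the page.

```powershell
# Added example: script the TCPView triage from Step 2 with Get-NetTCPConnection.
# Not part of the original page or of TCPView. Requires Windows 8 / Server 2012 or later.

# Assumed thresholds for illustration (tune them for your environment).
$SynSentThreshold      = 20
$SuspiciousRemotePorts = @(2333, 6666)          # the two example ports from the page
$MiningKeywordPattern  = 'mine|pool|xmr'        # keywords from the page, as one regex

function Resolve-RemoteHost {
    # Reverse-resolve an IP the way TCPView does for its Remote Address column.
    param([string]$Address)
    try   { return [System.Net.Dns]::GetHostEntry($Address).HostName }
    catch { return $null }                      # no PTR record: keep the raw IP only
}

function Get-AnnotatedConnections {
    # Live collection: one object per TCP connection, with process name and host name.
    # Only established connections are resolved, because resolving the targets of
    # hundreds of SYN_SENT attempts is slow and they usually have no PTR record anyway.
    $local = @('0.0.0.0', '::', '127.0.0.1', '::1')
    $result = foreach ($c in (Get-NetTCPConnection | Where-Object { $_.RemoteAddress -notin $local })) {
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            OwningProcess = $c.OwningProcess
            ProcessName   = if ($proc) { $proc.ProcessName } else { '<unknown>' }
            State         = $c.State
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort
            RemoteHost    = if ($c.State -eq 'Established') { Resolve-RemoteHost $c.RemoteAddress } else { $null }
        }
    }
    return $result
}

function Find-SuspiciousConnections {
    # Apply the Step 2 heuristics to connection objects (live or constructed).
    param([Parameter(Mandatory)] [object[]]$Connections)
    $findings = New-Object System.Collections.Generic.List[object]

    # Heuristic 1: many connections in SYN_SENT from one process (scanning / C2 beaconing).
    $synGroups = $Connections | Where-Object { $_.State -eq 'SynSent' } | Group-Object OwningProcess
    foreach ($g in $synGroups) {
        if ($g.Count -ge $SynSentThreshold) {
            $findings.Add([pscustomobject]@{
                Pid = $g.Name; Process = $g.Group[0].ProcessName
                Reason = "$($g.Count) connections in SYN_SENT"
            })
        }
    }

    # Heuristic 2 and 3: unusual remote port, or a mining keyword in the resolved host name.
    # Keyword matches are indicators only ("pool" also appears in benign names); review them manually.
    foreach ($c in $Connections) {
        if ($c.RemotePort -in $SuspiciousRemotePorts) {
            $findings.Add([pscustomobject]@{
                Pid = $c.OwningProcess; Process = $c.ProcessName
                Reason = "connection to unusual remote port $($c.RemoteAddress):$($c.RemotePort)"
            })
        }
        if ($c.RemoteHost -and ($c.RemoteHost -match $MiningKeywordPattern)) {
            $findings.Add([pscustomobject]@{
                Pid = $c.OwningProcess; Process = $c.ProcessName
                Reason = "remote host name '$($c.RemoteHost)' contains a mining keyword"
            })
        }
    }
    return $findings
}

# Constructed sample data (not captured from a real host) showing what each heuristic flags:
# a process with 25 SYN_SENT attempts to port 445, a process talking to a pool host on 6666,
# and a normal browser connection that must not be flagged.
$sample = @(
    1..25 | ForEach-Object {
        [pscustomobject]@{ OwningProcess = 4321; ProcessName = 'svchots'; State = 'SynSent'
                           RemoteAddress = "203.0.113.$_"; RemotePort = 445; RemoteHost = $null }
    }
    [pscustomobject]@{ OwningProcess = 5555; ProcessName = 'update'; State = 'Established'
                       RemoteAddress = '198.51.100.7'; RemotePort = 6666; RemoteHost = 'xmr-eu1.pool.example' }
    [pscustomobject]@{ OwningProcess = 1200; ProcessName = 'chrome'; State = 'Established'
                       RemoteAddress = '192.0.2.10'; RemotePort = 443; RemoteHost = 'www.example.com' }
)
Find-SuspiciousConnections -Connections $sample | Format-Table -AutoSize

# On the host being analyzed, run the live check instead:
# Find-SuspiciousConnections -Connections (Get-AnnotatedConnections) | Format-Table -AutoSize
```

Run the script in an elevated PowerShell session, otherwise Get-Process cannot resolve the names of system-owned processes and they appear as <unknown>. The sample run flags PID 4321 for 25 SYN_SENT connections and PID 5555 twice (port 6666 and the xmr/pool host name), and leaves the chrome connection alone; any finding still needs to be confirmed against the process path and parent process as described in step 2.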