To see a list of Internet connections, open a command prompt: "start" – "All programs" – "Accessories" – "Command prompt". Type netstat –aon and press Enter.
In the column "Local address" you will see a list of connections by indicating which ports are used. The column "Foreign address" shows the ip addresses of the remote computers with which a connection is established. The column "Status" describes the current state of connection: ESTABLISHED – the connection is established, CLOSE_WAIT connection closed, LISTENING is the idle state of the connection.
The graph shows the PID process identifiers that use the data connection. To learn the names of processes, type the command line command tasklist. In the column "image Name" you will see a list of processes under the PID identifiers of these processes.
If you see a suspicious process, carrying out a Internet connection or in idle mode, you can always identify it by ID. If the process name is unfamiliar to you, use Everest. Run it, select "Operating system" – "Processes." Finding the process you want, you can figure out what program it belongs to.
For the same purpose you can use AnVir Task Manager. It shows a list of all processes in the system and determines the degree of danger. You will be able to determine where the program files and how it is run. If necessary, you can terminate any process.
You can also kill any process from the command line with taskkill command. It is most convenient to close the processes using their IDs. For example, a running program has an ID of 1460. To close it, type in command line: taskkill /pid 1460 /f and press Enter. The-f parameter to the command specifies a forced termination of the process.