How can you tell if a Windows machine is part of a Botnet?

Solution 1:

  • 4 Useful Tools To Detect And Remove A Potential Botnet
  • If you get more enterprising, check out the Darknet schemes
  • A more focused blacklist method is given by OpenDNS too.
  • If it is Conficker you want to check, start with this quick EyeChart test

Solution 2:

I would recommend three tools for determining if your system is part of a botnet. The Sysinternals tool suite is a must-have for this process. The three tools listed below are the ones you will use for this process.

Process Explorer, TCPView, Filemon

The first step is to run TCPView to see if you are talking to any strange addresses across the web. You should be able to recognize all of the sites you are talking to. If you find a site you are accessing that you do not recognize, then this is the time to look closer into what is going on.

Generally speaking, when you have a botnet on your machine it will reach out across the internet at some point, and when it does, be sure to notice.

Once you have identified the unauthorized traffic, you can usually see which program is attempting to make the connection. This is where you go to Process Explorer, and here you will try to glean as much useful information as possible about the process. Also be sure to take note when you terminate the suspicious process. If you get the right process, the unauthorized communication across the wire should stop.

Next you go to Filemon to make sure the malware has not opened another file in an attempt to keep itself alive.

This is a cyclical process, but as you eliminate the programs one at a time, you will find your problem if there is one.
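As an added example (not part of the original answer), the following PowerShell triage pass automates the TCPView-then-Process-Explorer step described above: it lists established outbound TCP connections with their owning process and flags remotes not on an allow-list and binaries running from user-writable paths. The allow-list address and the path patterns are constructed assumptions to be tuned locally; Get-NetTCPConnection requires Windows 8 / Server 2012 or later, and an elevated shell is needed to read every process's path.

```powershell
# Added example, not from the original answer. Requires Windows 8 / Server 2012+
# (Get-NetTCPConnection) and an elevated shell to resolve every process path.
# Allow-list and suspicious-path patterns below are assumptions: tune for your environment.

$KnownGoodRemotes = @('203.0.113.10')   # constructed example: your update/proxy server(s)
$SuspiciousPathPatterns = @('\\AppData\\', '\\Temp\\', '\\ProgramData\\', '\\Users\\Public\\')

function Test-IsLocalOrPrivate {
    param([string]$Address)
    # Loopback, unspecified, link-local and RFC 1918 addresses are not Internet C2 candidates.
    return $Address -match '^(127\.|0\.0\.0\.0$|169\.254\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.|::1$|::$|fe80:)'
}

# Established plus half-open (SYN_SENT) connections, as TCPView would show them,
# keeping only those that leave the local network.
$connections = Get-NetTCPConnection -State Established, SynSent -ErrorAction SilentlyContinue |
    Where-Object { -not (Test-IsLocalOrPrivate $_.RemoteAddress) }

$report = foreach ($c in $connections) {
    # Process Explorer step: who owns the socket, and where does that binary live?
    $proc  = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $path  = $proc.Path
    $flags = @()
    if ($KnownGoodRemotes -notcontains $c.RemoteAddress) { $flags += 'unknown-remote' }
    if (-not $path) {
        $flags += 'no-path(protected-or-exited)'
    } elseif ($SuspiciousPathPatterns | Where-Object { $path -match $_ }) {
        $flags += 'user-writable-path'
    }

    [pscustomobject]@{
        PID     = $c.OwningProcess
        Process = if ($proc) { $proc.ProcessName } else { '?' }
        Path    = $path
        Remote  = "$($c.RemoteAddress):$($c.RemotePort)"
        State   = $c.State
        Flags   = ($flags -join ',')
    }
}

# Rows with the most flags first. After terminating a suspect process
# (Stop-Process -Id <PID>), re-run the script: the connection should not return.
$report | Sort-Object { $_.Flags.Length } -Descending | Format-Table -AutoSize
```

Service-hosted malware will show the legitimate host process and a System32 path, so an 'unknown-remote' flag alone still warrants the closer Process Explorer inspection the answer describes.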

Solution 3:

There was an in-depth discussion on the topic at Slashdot yesterday - How Can I Tell If My Computer Is Part of a Botnet?