My Windows 7 machine is infected. How do I track down IPs?

Tags:
IP address
Microsoft Windows 7
Windows 7 security
My Windows 7 machine is infected. How can I tell what IPs my machine is connected to and what it is transmitting or has transmitted? Do I need to change all of my passwords and credit card numbers?

Answer Wiki

ipconfig /all will show you the IP address. Is this a home machine?

What is it infected with – what does your anti-virus software report? It should also be able to clean the infection.

I would certainly think about changing passwords.

++++++++++++++++++++++++++++++++++++++++

I would install Active Ports to review active connections; it will show what programs have initialized them. Also install K9 Web Protection from Bluecoat. This would restrict where your computer attempts to go. Within the GUI (web browser), you can see where it’s trying to connect to as well. Once you have an antivirus on the computer like AVG Free as well as the following tools:

Malwarebytes
HijackThis (Trend Micro)
Spybot
CCleaner

Good idea to change your passwords. You may want to contact your credit card company to inform them of the situation. They may issue new cards.

Good luck!

Discuss This Question: 7  Replies

 
  • Technochic
    Definitely change the passwords and logins. But do not do it from this infected PC. :-)
  • carlosdl
    The first thing you need to know is what the machine is infected with. Not all malware infections put your passwords at risk (but yes, when in doubt, change them). You could use Sysinternals' TCPView to view current TCP connections. I would recommend installing some good antimalware software, updating its definitions, rebooting the machine in safe mode without networking, and performing a full scan.
  • valmsmith
    I would also seriously consider disconnecting the machine from the internet (temporarily), going into my control panel and shutting down my "System Restore" on all drives, rebooting the machine with the restore off, and running the antivirus and spyware scans (preferably SpyBot Seek and Destroy), making sure your machine is clean of viruses/trojans. Then I would reboot and turn System Restore back on, creating a new restore point at that time. I would also run the scans again to be certain it was still clean, and definitely change all your PWs.
  • Darkstar911
    Format the machine and make backups from now on. When that happens again next time just restore from image before the computer gets infected. I will not trust any security software. None of them has 100% effectiveness.
  • TomLiotta
    If your system really is "infected", then you possibly can't trust that anything that you download and install won't become infected or that it will run properly. On most Windows (and other) systems, you can list information about connections with the NETSTAT command. The command might also not run correctly, but it should at least be immediately available. Click Start -> Run... and type "cmd" (no quotes) into the entry field, then click the OK button. In the command window, type netstat and press <enter>. A list of connections should appear. Type "netstat -?" to see basic help for parameters. Type "netstat -abf" for just about the most complete and reliable list of connections, remote addresses, listening ports and executables as you can get from Windows 7. Tom
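An added example, not part of any reply in this thread: a small Python parser for saved netstat output that groups established connections to addresses outside the local network by owning executable. It assumes the output was captured with `netstat -abn` (numeric addresses rather than the `-f` names, so they can be classified); the sample text, addresses and executable names are constructed.

```python
import ipaddress
import re
# Constructed sample of `netstat -abn` output; addresses and names are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.20:49170     203.0.113.5:443        ESTABLISHED
 [updater.exe]
  TCP    192.168.1.20:49171     192.168.1.1:80         ESTABLISHED
 [iexplore.exe]
  TCP    192.168.1.20:49180     198.51.100.7:8080      ESTABLISHED
 Can not obtain ownership information
  UDP    0.0.0.0:5355           *:*
  Dnscache
 [svchost.exe]
"""
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+([A-Z_0-9]+))?\s*$")
LOCAL_NETS = [ipaddress.ip_network(n) for n in "10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 "
              "127.0.0.0/8 169.254.0.0/16 ::1/128 fe80::/10 fc00::/7".split()]

def parse_netstat(text):
    """One dict per connection row; service-name lines before [exe] are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append(dict(zip(("proto", "local", "remote", "state"), m.groups()), exe=None))
        elif rows and rows[-1]["exe"] is None:
            s = line.strip()
            if s.startswith("[") and s.endswith("]"):
                rows[-1]["exe"] = s[1:-1]          # "[name.exe]" owner line
            elif s.lower().startswith("can not obtain"):
                rows[-1]["exe"] = "unknown"        # netstat could not resolve the owner
    return rows

def external_by_exe(text):
    """Map executable -> remote endpoints for ESTABLISHED connections leaving the LAN."""
    found = {}
    for r in parse_netstat(text):
        host = r["remote"].rsplit(":", 1)[0].strip("[]").split("%")[0]
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue                               # "*" or a hostname (-f output)
        if r["state"] == "ESTABLISHED" and not any(ip in n for n in LOCAL_NETS):
            found.setdefault(r["exe"] or "unknown", []).append(r["remote"])
    return found

if __name__ == "__main__":
    print(external_by_exe(SAMPLE))
```

Rows reported under "unknown" are the ones netstat could not attribute to a process and are worth checking first; the `-b` switch only lists executables when run from an elevated command prompt.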