How to Find Virus using cmd prompt command

Anti-malware tools are the best way to give a PC maximum protection, but in some cases most of them may not detect a virus or Trojan, because a good hacker will always try to encrypt their malware to make it invisible to anti-malware.

How to Remove virus using cmd

In this tutorial, I'll show you how to find and remove a virus using cmd. Using the Command Prompt (cmd), you can find out whether a virus is sending your information to an external server.

1. Open the Command Prompt (cmd)

On your Windows desktop, click Start at the bottom left of the screen, then type cmd in the search box. After the Command Prompt shows up, type this command: netstat -ano


Press Enter. You will see a list of active connections, showing each connection's protocol, local and foreign address, state, and PID.


Now look for a PID whose State is ESTABLISHED, and verify it with Task Manager.

2. Open Windows Task Manager

To open Windows Task Manager, press CTRL+ALT+DEL to launch it. After you launch it, go to the Details section.


After these steps, go back to the Command Prompt and find a PID with the ESTABLISHED state, then locate that PID in Task Manager and verify it.

If you can't recognize its process, it may be a virus. Left-click on the process and, before you end the process task, click Open file location and scan the file with the VirusTotal online scanner. If the file is a virus, return to Task Manager, terminate its process task, then delete the file from its location.
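The same two steps scripted in PowerShell, as an added example that is not part of the original tutorial: it pairs each ESTABLISHED connection's PID with its process name, file location, signature status and SHA-256 hash, which can be searched on VirusTotal. It assumes Windows 8 or later (for Get-NetTCPConnection) and an elevated prompt.

```powershell
# Added example: netstat -ano plus the Task Manager lookup in one report.
# Assumes Windows 8 / Server 2012 or later and an elevated PowerShell prompt;
# without elevation, paths of other users' processes come back empty.

$loopback = '127.0.0.1', '::1'

$report = Get-NetTCPConnection -State Established |
    Where-Object { $loopback -notcontains $_.RemoteAddress } |
    Group-Object -Property OwningProcess |
    ForEach-Object {
        $procId = [int]$_.Name

        # Win32_Process gives the on-disk path (Task Manager's "Open file location").
        $proc = Get-CimInstance -ClassName Win32_Process `
                    -Filter "ProcessId = $procId" -ErrorAction SilentlyContinue
        $name = if ($proc) { $proc.Name } else { '(exited or not visible)' }
        $path = if ($proc) { $proc.ExecutablePath } else { $null }

        # System processes (PID 0 and 4) and short-lived PIDs have no file to check.
        $signature = 'n/a'
        $sha256    = 'n/a'
        if ($path -and (Test-Path -LiteralPath $path)) {
            $signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
            $sha256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }

        # Collapse all foreign addresses used by this PID into one field.
        $remotes = $_.Group |
            ForEach-Object { '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort } |
            Sort-Object -Unique

        [pscustomobject]@{
            ProcessId = $procId
            Name      = $name
            Path      = $path
            Signature = $signature
            SHA256    = $sha256
            Remote    = $remotes -join ', '
        }
    }

# Unsigned binaries and unfamiliar paths are the entries to look at first;
# a missing signature alone does not prove the file is malicious.
$report | Sort-Object -Property ProcessId | Format-List
```

A PID that closes its connection between the two lookups is reported as "(exited or not visible)", which is also why a PID seen in netstat output can be missing from Task Manager a moment later.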

Find virus using cmd without antivirus


Watch the above video to get a good understanding of how to locate the virus file, if one exists. In some cases you may not be able to delete this file manually; only an antivirus will help you. Finally, make sure to check and fix any system registry errors caused by the virus.

13 thoughts on “How to Find Virus using cmd prompt command”

  1. hi admin
    how are you
    This post is really good and unique. I have a virus in my PC, so from this post I got a lot of help to remove a virus with cmd

    1. Moss says:

      I’m glad to hear that.

  2. lee says:

    what if one pid 5124 does not show up in task manager ?

    1. Moss says:

      Every pid must show up in task manager 🙂

  3. ritz says:

    hi admin,

    is this also applicable to Microsoft Windows [Version 10.0.10586]?
    My PC got the Locky virus. I've tried the cmd but it says

    Microsoft Windows [Version 10.0.10586]
    (c) 2015 Microsoft Corporation. All rights reserved.

    C:\Users\admin chuansoon>cmd: -netstat-ano
    ‘cmd:’ is not recognized as an internal or external command,
    operable program or batch file.

    C:\Users\admin chuansoon>

    Please help.

    1. Moss says:

      Remove “cmd:” and write only -netstat -ano; it will work now :).

  4. anonymous says:

    hi, I can't find the “Details” in the Task Manager

    I'm using Windows 7

    1. Moss says:

      When you open your Task Manager, go to the Processes tab; if you can't find the PID, you can display it in the view settings.

  5. Diego Weatherly says:

    I'm so mad. I think I have an extremely sneaky virus on my computer I just built. I tried to install KMSPico on it to activate Win10 and it was one of those stupid installers that don't even work and have a bunch of junkware and stuff, so I pressed “decline” or “skip” on all of the offers, but I think something still managed to get onto my PC, because I now have a few bad folders/malware and I don't want to format the disk because I have a lot of games/programs installed on my SSD and it would take forever to start over. The virus is so bad that whenever I try to go to websites related to anti-malware, the virus literally BLOCKS them. I think it installed some sort of proxy on my computer, so when I go to one of the aforementioned websites, it either displays a Google Chrome error page saying the site cannot be reached or it says that there has been an internal server error. There are random folders in my Program Files (x86) folder called naral, annoyingly, shopperpro3, and armies. I got rid of armies and shopperpro3, but no matter how many times I try to delete annoyingly and naral, they don't go away. I found the root, “network service” and publisher “windows 99”. I ended the process tree in Task Manager, but still couldn't delete them. There are no files in annoyingly, but the folder keeps popping up again after I delete it, which it lets me do. I have used Malwarebytes' Junkware Removal Tool, and ran that several times, and it removed some stuff and fixed registries, but the malware keeps putting a target on my Chrome shortcut even when I remove the target. I need help. Please respond, as I built the PC for my cousin and have to ship it to his house soon. Thank you!

    1. Moss says:

      Hi Diego, in your Chrome browser go to Settings and click on reset browser settings. If it didn't work out, try to reinstall Chrome; this might help you. And don't forget to try another browser to see if the problem occurs again.

  6. I hope these are working tips for removing viruses
    thanks for sharing, admin, keep it up

  7. Andi218 says:

    Hey, in Task Manager processes aren't sorted by PID, only by name, CPU, memory and description. How do I make it show the PID?

    1. Moss says:

      Try the Task Manager View option; from there you can add the PID column.
