The Computer Oracle

How can you tell if a Windows machine is part of a Botnet?


Music by Eric Matyas
https://www.soundimage.org
Track title: Life in a Drop

--

Chapters
00:00 How Can You Tell If A Windows Machine Is Part Of A Botnet?
00:16 Answer 1 Score 8
01:09 Accepted Answer Score 9
01:32 Answer 3 Score 6
02:48 Answer 4 Score 3
02:59 Thank you

--

Full question
https://superuser.com/questions/19690/ho...

--

Content licensed under CC BY-SA
https://meta.stackexchange.com/help/lice...

--

Tags
#windows #security #malwareremoval

#avk47



ANSWER 1

Score 8


There is a distinction.

  • "I went to the hospital" describes the act of physically visiting the physical hospital building. "I went to hospital" describes the wider act of having been infirmed and gone to the hospital building, possibly with a stay, and having been seen by a nurse/doctor.

  • Similarly, "he just got out of the hospital" implies that "he" has stepped out of the building, possibly having popped into the hospital shop for a lottery ticket; "he just got out of hospital" says that "he" has been discharged and is probably feeling much better.

  • "I went to the school" describes the act of physically visiting the physical building, whereas "I went to school" talks about the wider act of having spent the day in an educational institution learning from your teachers.

You could mix and match them, but it's quite common to leave out the article in what is the more common case.




ACCEPTED ANSWER

Score 9





ANSWER 3

Score 6


I would recommend three tools for determining if your system is part of a botnet. The Sysinternals tool suite is a must-have for this process. The three tools listed below are the ones you will use for this process.

  • Process Explorer
  • TCPView
  • Filemon

The first step is to run TCPView to see if you are talking to any strange addresses across the web. You should be able to recognize all of the sites you are talking to. If you find a site you are accessing that you do not recognize, then this is the time to look closer into what is going on.

Generally speaking, when you have a botnet on your machine it will reach out across the internet at some point, and when it does, be sure to notice.

Once you have identified the unauthorized traffic, you can usually see which program is attempting to make the connection. This is where you go to Process Explorer, and here you will try to glean as much useful information as possible about the process. Also be sure to take note when you terminate the suspicious process. If you get the right process, the unauthorized communication across the wire should stop.

Next you go to Filemon to make sure the malware has not opened another file in an attempt to keep itself alive.

This is a cyclical process, but as you eliminate the programs one at a time, you will find your problem if there is one.
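A scripted version of the TCPView step in the answer above (list established connections, map each to its owning process, and flag remote addresses you do not recognise), added here as an example that is not part of the Super User answer. It assumes Windows PowerShell 5.1 or later with the NetTCPIP module (Get-NetTCPConnection) and an elevated session so process paths are readable; the $KnownRemote allowlist is a placeholder for addresses you have already identified as legitimate.

```powershell
# Added example, not from the original answers: enumerate established TCP
# connections, attach the owning process, and report remote peers that are
# neither local/private nor on your own allowlist.

function Test-PrivateAddress {
    param([string]$Address)
    # Loopback, link-local, RFC 1918 and IPv6 local ranges count as "known".
    return ($Address -match '^(127\.|10\.|192\.168\.|169\.254\.|172\.(1[6-9]|2\d|3[01])\.)' -or
            $Address -match '^(::1|fe80:|fc|fd)' -or
            $Address -in @('0.0.0.0', '::'))
}

function Get-UnrecognisedConnection {
    param([string[]]$KnownRemote = @())   # placeholder allowlist you maintain

    $connections = Get-NetTCPConnection -State Established |
        Where-Object { -not (Test-PrivateAddress $_.RemoteAddress) -and
                       $_.RemoteAddress -notin $KnownRemote }

    foreach ($c in $connections) {
        # The process may have exited between the two queries; report that
        # rather than failing, since short-lived connections are themselves
        # worth a second look.
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        [PSCustomObject]@{
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort
            PID           = $c.OwningProcess
            Process       = if ($proc) { $proc.ProcessName } else { '<exited>' }
            Path          = if ($proc) { $proc.Path } else { '' }
        }
    }
}

# Group by process so one binary talking to many unfamiliar hosts stands out;
# a path outside Program Files / Windows is the next thing to examine in
# Process Explorer, as the answer describes.
Get-UnrecognisedConnection -KnownRemote @() |
    Sort-Object Process, RemoteAddress |
    Format-Table -AutoSize
```

Re-run it after terminating a suspect process: if the unfamiliar peer disappears from the output, you picked the right one, which is the confirmation step the answer asks you to watch for.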




ANSWER 4

Score 3


There was an in-depth discussion on the topic at Slashdot yesterday: How Can I Tell If My Computer Is Part of a Botnet?