How to Hunt Down Malware in Your Windows OS

December 3, 2015 | Views: 23490


If you’ve read my older articles 7 Steps to Create a Defensive Security Shield for MS Windows and Ethical Hacking: How To Use Batch Programming, you’ll have noticed one thing: getting hacked on a Windows machine is easy. So I thought I should give you some information on how to hunt down malware on your own computer. As always, it’s old school information…


How Is This Stuff Going To Help Me?

You’re a common computer user, a system administrator, a hacker or anyone else working on a Windows-based computer, and one day (a bad day) you notice that your computer has started doing weird things. It shows error messages for no reason, or your data gets changed without your intent. An alarm starts ringing in your head, and the usual reaction is to grab an antivirus and scan the machine.

What if you could find and remove the malware yourself, without relying on an antivirus? Or, in the simpler scenario, you just want to check your computer and satisfy yourself that nothing unwanted is running on it.


What Software Do I Need?

I spent a lot of time looking for freeware that fits this purpose.

Download the following free tools:

1) Sysinternals Suite

2) CurrPorts


How Does Malware Operate?

Each family of malware works differently, but there is a common pattern in how most of it gets itself established:

*- When executed, it copies itself to a location where it blends in with legitimate files, such as C:\Windows\System32 or a folder under the user’s profile.

*- Then it adds itself to the startup, usually via the registry (for example the Run keys under HKLM and HKCU at Software\Microsoft\Windows\CurrentVersion\Run), so that it survives a reboot.

*- Next, it either communicates back to the attacker or stays dormant for a while.

*- Eventually, it starts doing whatever it was programmed to do.

Malware doesn’t have to follow this pattern, but most of it does, and each of these steps leaves something you can look for: a file on disk, an autostart entry, a running process and a network connection.


Let’s Start…

Once you’ve downloaded the tools above, extract them to a location of your choice and start your hunt. If malware is active on your computer, it is running in memory, either as a process of its own or as a DLL loaded into a legitimate one. Check all currently running programs with the Sysinternals tool ‘Process Explorer‘, which shows almost every process on the computer, and use its lower pane (View > Show Lower Pane, DLLs) to see what each process has loaded.

Look for any suspicious process. Things that give a process away are its name (a system-sounding name such as svchost.exe or lsass.exe that is misspelled, or that runs from somewhere other than C:\Windows\System32), its image path, its parent process and whether its image is signed (enable Options > Verify Image Signatures). Once you have found one, check it by right-clicking on it and selecting ‘Search Online’. This will tell you a lot about the process.

Once you have checked a suspicious process and you think it could be malware, right-click on it and select ‘Kill Process’ or ‘Kill Process Tree’ (the latter also kills any child processes a watchdog may have spawned). This terminates the malware in memory but does not remove its file. If you get ‘Access is denied’, the process is probably running as SYSTEM or is protected; run Process Explorer as administrator and try again.

In the next step, we want to make sure the malware doesn’t start up with the computer. For this purpose, open another utility from the suite called ‘Autoruns,‘ which shows every file that starts automatically in Windows: registry Run keys, services, drivers, scheduled tasks and more. Enable Options > Hide Microsoft Entries to cut the list down to third-party entries. Just as in the previous technique, look for any suspicious startup entry and check it via the ‘Search Online’ method. If you think it’s a bad file, right-click on it and select ‘Delete,’ which removes the autostart entry so it won’t run automatically again. The file itself is still on disk; note its path from the entry, then locate and delete it manually. If Windows refuses to remove it because it’s in use, reboot into Safe Mode and delete it from there.

The last step is to check all currently open TCP and UDP endpoints on the computer, and the processes that own them, with ‘CurrPorts‘ (mentioned above). It not only shows which ports are open and which remote addresses are connected, it also highlights processes it considers suspicious (for example those without version information) so you know which ones to check.
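The three checks above (running processes, autostart entries, network endpoints) can also be done from the command line, which is useful on a machine where you can’t copy tools over, or when you want a record of what you looked at. The following PowerShell script is an added example and is not part of the original article; it covers the same places Process Explorer, Autoruns and CurrPorts show, and the Run keys from the ‘How Does Malware Operate?’ section. It assumes an elevated (administrator) PowerShell prompt, and Get-NetTCPConnection needs Windows 8 / Server 2012 or later; the commented-out path in step 4 is a placeholder for whatever file you decide is suspect.

```powershell
# Added example, not from the original article: a PowerShell pass over the
# three places the article checks with Process Explorer, Autoruns and CurrPorts.
# Assumes an elevated prompt; Get-NetTCPConnection needs Windows 8+/Server 2012+.

# 1. Running processes: image path, Authenticode signature status and parent.
#    A system-looking name running from outside C:\Windows\System32, or an
#    unsigned image, is what Process Explorer's "Verify Image Signatures" flags.
$procs = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }
$processReport = foreach ($p in $procs) {
    $sig = 'n/a'
    if ($p.ExecutablePath -and (Test-Path -LiteralPath $p.ExecutablePath)) {
        $sig = (Get-AuthenticodeSignature -FilePath $p.ExecutablePath).Status
    }
    $parent = $byPid[[int]$p.ParentProcessId]
    [pscustomobject]@{
        PID       = $p.ProcessId
        Name      = $p.Name
        Path      = $p.ExecutablePath
        Signature = $sig
        Parent    = if ($parent) { $parent.Name } else { '?' }
        CmdLine   = $p.CommandLine
    }
}
# Show only what is not validly signed; review the rest by hand.
$processReport |
    Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Name | Format-Table -AutoSize

# 2. Autostart locations: the Run/RunOnce keys for the machine and the current
#    user, plus the two Startup folders. Autoruns covers many more locations
#    (services, drivers, scheduled tasks); these are the registry entries the
#    article's "adds itself to the startup via the registry" step refers to.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autoruns = @(foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($name in $item.PSObject.Properties.Name) {
        if ($name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath metadata
        [pscustomobject]@{ Location = $key; Name = $name; Command = $item.$name }
    }
})
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
$autoruns += @(foreach ($dir in $startupDirs) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Location = $dir; Name = $_.Name; Command = $_.FullName } }
})
$autoruns | Format-Table -AutoSize

# 3. Network endpoints with their owning process, the CurrPorts view.
#    An established connection from a process you did not recognise in step 1
#    is the "communicates back to the attacker" behaviour the article describes.
Get-NetTCPConnection |
    Where-Object { $_.State -in 'Listen', 'Established' } |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Name } },
        OwningProcess |
    Sort-Object State, RemoteAddress | Format-Table -AutoSize

# 4. Before killing or deleting anything, hash the suspect file so you can
#    look it up (the article's "Search Online" step) and keep a record.
#    Placeholder path; replace with the file you identified above.
# Get-FileHash -Algorithm SHA256 -LiteralPath 'C:\path\to\suspect.exe'
```

Run it once on a clean machine to learn what normal looks like, then diff its output against a suspect machine; the processes, Run entries and connections that only appear on the suspect one are where to start with the GUI tools.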



If you follow all of these steps properly, you should be able to hunt down most malware on a machine. Note that the hunt can prove difficult for inexperienced users, and some malware (rootkits, or code injected into a legitimate process) hides from these tools. There are many other ways to check for malware that you may know; I just wanted to show you an easy one.

For any support, suggestions or questions, you can always mail me at ‘’.

  1. Wonderful tips!

  2. Thanks for this awesome post …:)

  3. Process Explorer found the process on my computer. It is the sass.exe process. I Googled it and the search results showed that it is a dangerous Trojan, but I can’t kill the process; it is not accessible, access is denied. Now what should I do with it?

  4. Thanks sir.
