How to Hunt Down Malware in Your Windows OS

December 3, 2015 | Views: 22831


If you’ve read my older articles 7 Steps to Create a Defensive Security Shield for MS Windows and Ethical Hacking: How To Use Batch Programming, you might have noticed one thing: getting a Windows machine compromised is easy. So I thought I should give you some information on how to hunt down malware on your computer by hand. As always, this is old-school, hands-on material.

How Is This Stuff Going To Help Me?

You’re an ordinary computer user, a system administrator, a hacker, or anyone else working on a Windows-based computer, and one day (a bad day) you notice that your computer has started to do weird things. It shows error messages for no reason, or your data gets changed without your intent. An alarm starts ringing in your head, and you go and grab an antivirus so you can scan the machine.

What if you could find and remove malware from your computer without relying on an antivirus product? Another scenario is simpler: you just want to check your computer to make sure there’s nothing malicious running on it.

What Software Do I Need?

I spent a lot of time finding freeware that fits this purpose.

Download these two freeware tools:

1) Sysinternals Suite (from Microsoft)

2) CurrPorts (from NirSoft)

How Does Malware Operate?

Each family of malware works differently, but there is a common pattern in how most of it starts operating:

- When executed, it copies itself to a location where it is unlikely to be noticed, such as C:\Windows\System32, the user’s AppData or Temp folders, and so on.

- Then it adds itself to startup, usually via the registry (the Run and RunOnce keys under HKLM and HKCU are the classic spots) or a Startup folder.

- Next, it communicates back to the attacker (command and control) or just stays dormant for a while.

- Eventually, it starts doing whatever it is programmed to do.

Malware doesn’t have to follow this pattern, but most of it does, and each step leaves something you can look for: a running process, a startup entry, a network connection.

Let’s Start…

Once you’ve downloaded the tools above, extract them to a location of your choice and start your hunt. If malware is active on your computer, it should be running in memory. Check the programs that are currently running with a tool in the Sysinternals Suite called ‘Process Explorer’, which shows almost every process running on the computer, including its image path, its command line and (if you turn on ‘Verify Image Signatures’ under Options) whether the image is digitally signed.

Look for any suspicious process, which you can spot from its name, its path or its properties: an image running from a Temp or AppData folder, a name that imitates a system process (for example an ‘svchost.exe’ that is not under C:\Windows\System32) or an unsigned image that claims to be from Microsoft. Once you have found one, check it by right-clicking it and selecting ‘Search Online’. This will tell you a lot about the process.

Once you’ve checked a suspicious process and believe it is malware, right-click it and select ‘Kill Process’ or ‘Kill Process Tree’. This terminates the running copy, but not the file on disk or its startup entry, so keep going.

The next step is to make sure the malware doesn’t start with the computer. For this purpose, open another utility from the suite called ‘Autoruns’, which shows every file and registry entry that starts automatically in Windows (Run keys, services, scheduled tasks, drivers and more). Just as before, look for suspicious startup entries and check them with ‘Search Online’. If you decide an entry is bad, right-click it and select ‘Delete’, which removes the startup entry so the file is no longer launched automatically. Then locate the file on disk and delete it. If you get errors removing it (usually because it is still running or locked), reboot Windows into Safe Mode and delete it there.

The last step is to check all currently open TCP and UDP ports on the computer, and the processes that own them, with ‘CurrPorts’ (mentioned above). This tool not only shows which ports are open and which remote addresses each process is talking to, it also highlights suspicious entries, such as ports owned by applications without version information, so you know which ones to check first.
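The three steps above, plus the startup persistence described under ‘How Does Malware Operate?’, as one added PowerShell triage script. This is an example added for this page, not code from the article, from Sysinternals or from NirSoft; it uses only built-in cmdlets (Get-Process, Get-AuthenticodeSignature, Get-ItemProperty, Get-NetTCPConnection) and assumes an elevated prompt on Windows 8 / Server 2012 or later. The ‘trusted directory’ list, the Run-key list and the rule ‘unsigned or outside Windows/Program Files is suspicious’ are assumptions chosen for illustration: a valid signature does not prove a file is benign, so treat the output as a list of things to look at, not a verdict.

```powershell
# Added example, not from the original article. Built-in cmdlets only; run from
# an elevated prompt on Windows 8 / Server 2012 or later (Get-NetTCPConnection
# does not exist on Windows 7). Trusted roots and the heuristic are assumptions.

# Directories where legitimately installed binaries normally live (assumption).
$TrustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

function Test-TrustedPath {
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return $false }
    foreach ($root in $TrustedRoots) {
        if ($Path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

# Authenticode status of a file, or 'FileMissing' when the path does not resolve.
function Get-SignatureStatus {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) { return 'FileMissing' }
    return (Get-AuthenticodeSignature -FilePath $Path).Status.ToString()
}

# Step 1 (Process Explorer): running processes whose image is unsigned or lives
# outside Windows / Program Files (Temp, AppData, ProgramData, ...).
function Get-SuspiciousProcess {
    Get-Process | Where-Object { $_.Path } | ForEach-Object {
        [PSCustomObject]@{
            PID       = $_.Id
            Name      = $_.ProcessName
            Path      = $_.Path
            Signature = (Get-SignatureStatus $_.Path)
        }
    } | Where-Object { $_.Signature -ne 'Valid' -or -not (Test-TrustedPath $_.Path) }
}

# Step 2 (Autoruns): Run/RunOnce keys and Startup folders, the locations the
# "adds itself to startup" step most often uses. Autoruns covers far more
# (services, scheduled tasks, drivers, WMI, ...); this is the quick version.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$StartupDirs = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)

# Extract the executable from a command such as  "C:\a b\x.exe" /q  or  %TEMP%\x.exe /q
function Get-ImagePath {
    param([string]$Command)
    $exe = $null
    if ($Command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    elseif ($Command -match '^\s*(\S+)') { $exe = $Matches[1] }
    if ($exe) { return [System.Environment]::ExpandEnvironmentVariables($exe) }
    return $null
}

function Get-SuspiciousAutorun {
    $entries = @(foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... are not values
            [PSCustomObject]@{ Location = $key; Name = $p.Name; Image = (Get-ImagePath ([string]$p.Value)) }
        }
    })
    $entries += @(foreach ($dir in $StartupDirs) {
        if (Test-Path $dir) {
            Get-ChildItem -Path $dir -File | ForEach-Object {
                [PSCustomObject]@{ Location = $dir; Name = $_.Name; Image = $_.FullName }
            }
        }
    })
    $entries | ForEach-Object {
        $_ | Add-Member -NotePropertyName Signature -NotePropertyValue (Get-SignatureStatus $_.Image) -PassThru
    } | Where-Object { $_.Signature -ne 'Valid' -or -not (Test-TrustedPath $_.Image) }
}

# Step 3 (CurrPorts): listening and established TCP endpoints with the owning
# process, so a non-browser process talking to an outside address stands out.
function Get-ConnectionByProcess {
    Get-NetTCPConnection -State Listen, Established | ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [PSCustomObject]@{
            PID     = $_.OwningProcess
            Process = if ($proc) { $proc.ProcessName } else { '?' }
            Path    = if ($proc) { $proc.Path } else { $null }
            Local   = "$($_.LocalAddress):$($_.LocalPort)"
            Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            State   = $_.State
        }
    }
}

Write-Host '== Step 1: running processes that are unsigned or outside trusted directories =='
Get-SuspiciousProcess | Format-Table -AutoSize
Write-Host '== Step 2: autorun entries that are unsigned, missing or outside trusted directories =='
Get-SuspiciousAutorun | Format-Table Location, Name, Image, Signature -AutoSize
Write-Host '== Step 3: TCP endpoints by owning process =='
Get-ConnectionByProcess | Sort-Object Process | Format-Table -AutoSize
```

Save it as hunt.ps1 and run it with `powershell -ExecutionPolicy Bypass -File hunt.ps1` from an elevated prompt. Anything it lists still needs the ‘Search Online’ check from the article, and because it reads only the Run keys and Startup folders, run Autoruns (or autorunsc.exe from the suite) for services, scheduled tasks, drivers and the rest. Get-NetTCPConnection only covers TCP; CurrPorts also lists UDP endpoints.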

Summary

If you follow all the steps properly, you’ll hopefully be able to hunt down most malware on a machine. Note that hunting can be difficult for inexperienced users, and well-hidden malware (a rootkit, or code injected into a legitimate process) may not show up in these tools at all. There are many other ways to check for malware that you may know; I just wanted to show you an easy way.

For any support, suggestions or questions, you can always mail me at ‘Usmanaura47@gmail.com’.

43 Comments
  1. @usman47

    Good presentation and, like others above, enjoyed reading it. If I have any problems in implementation I shall get in touch.

    Many thanks

  2. HijackThis will do the same thing.

  3. Beautiful in presentation. Easy to understand and implement. You did a great job.

  4. Well written and simplified the process… These are definitely powerful utilities and very helpful in hunting down malicious software… Thanks for sharing.

  5. Yesssssssssss, finally what I have been looking for!… Thank God

