December 3, 2015
How to Hunt Down Malware in Your Windows OS
- When executed, it copies itself to a safe location like C:\Windows\System32, etc.
- Then, it adds itself to the startup, usually via the registry.
- Next, it will communicate back to the attacker or will just stay latent for some time.
- Eventually, it will start doing what it's programmed to do.

It's not necessary for malware to follow this pattern, but most of them use it.

Let's Start...

Once you've downloaded the tools above, extract them to the location you choose and start your hunt. If there's malware on your computer, it should be running in memory. Check all programs that are currently running by using a tool in the Sysinternals Suite called 'Process Explorer'. Process Explorer will show you almost every program currently running on the computer.

Look for any suspicious process, which can be noticed via its name or properties. Once you have found one, check it by right-clicking on it and selecting 'Search Online'. This will tell you a lot of things about the process.

Once you have checked a suspicious process and you think that it could be malware, right-click on it and select 'Kill Process' or 'Kill Process Tree'. This action will terminate the malware.

In the next step, we want to make sure the malware doesn't start up with the computer. For this purpose, open another utility available in the suite called 'Autoruns', which shows every single file that starts automatically in Windows. Just as with the previous technique, look for any suspicious startup files and then check them via the 'Search Online' method. If you think that it's a bad file, right-click on it and select 'Delete', which will stop it from running automatically again. You can also manually locate the file and delete it. If there are any errors in removing it, run Windows in Safe Mode.

The last step is to check all currently open TCP/IP and UDP ports on the computer, and the processes behind them, via the software 'CurrPorts' (mentioned above). This software will not only show what ports are open, it will also highlight the suspicious processes to check.

Summary

If you follow all steps properly, you'll hopefully be able to hunt down any malware on a machine. Note that hunting might prove difficult for inexperienced users.
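As an added example that is not part of the original post, the following PowerShell script performs a read-only version of the three steps above (running processes, startup entries, open ports) so the findings can be saved or compared across machines. It assumes an elevated prompt (so every process path is visible) and Windows 8 / Server 2012 or later for Get-NetTCPConnection; the registry keys and directories it checks are a common subset of what Autoruns and Process Explorer cover, not the full list.

```powershell
# Added example, not from the original post: a read-only triage pass that mirrors the
# three manual steps (Process Explorer, Autoruns, CurrPorts). Run from an elevated
# prompt so every process path is visible; Get-NetTCPConnection needs Windows 8 / Server 2012+.

# Step 1: running processes. Flag binaries that are unsigned or launched from a
# user-writable directory; those are the ones worth a 'Search Online' check.
$userDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, "$env:SystemDrive\Users\Public") |
    Where-Object { $_ }
$processes = Get-Process | Where-Object { $_.Path } | ForEach-Object {
    $p   = $_
    $sig = Get-AuthenticodeSignature -FilePath $p.Path -ErrorAction SilentlyContinue
    $inUserDir = [bool]($userDirs | Where-Object { $p.Path -like "$_\*" })
    [PSCustomObject]@{
        Name      = $p.Name
        Id        = $p.Id
        Path      = $p.Path
        Signature = if ($sig) { $sig.Status } else { 'Unknown' }
        Suspect   = ($sig.Status -ne 'Valid') -or $inUserDir
    }
}
$processes | Where-Object Suspect | Format-Table Name, Id, Signature, Path -AutoSize

# Step 2: the registry Run/RunOnce keys that Autoruns also reads. Autoruns covers many
# more locations (services, scheduled tasks, drivers); these four are the most common.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$autoruns = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { [PSCustomObject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
}
$autoruns | Format-Table -AutoSize -Wrap

# Step 3: listening and established TCP connections with their owning process, the
# same view CurrPorts gives. Unknown processes talking to remote hosts go on the list.
Get-NetTCPConnection -State Listen, Established |
    Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State, OwningProcess,
        @{ Name = 'Process'; Expression = { (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).Name } } |
    Sort-Object Process | Format-Table -AutoSize
```

Pipe any of the three result sets to Export-Csv to keep a baseline; a later run diffed against it shows new processes, startup entries or listeners much faster than eyeballing the tools.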
I also want to mention that there may be a lot of other ways to check for malware that you may know, but I just wanted to show you guys an easy way.

For any support, suggestions or questions, you can always mail me at 'Usmanaura47@gmail.com'.