By: usman47
December 3, 2015

How to Hunt Down Malware in Your Windows OS

If you've read my older articles, 7 Steps to Create a Defensive Security Shield for MS Windows and Ethical Hacking: How To Use Batch Programming, you might have noticed one thing: getting hacked on a Windows machine is easy. So I thought I should give you some information on how to hunt down malware on your own computer. As always, some old-school information...

How Is This Stuff Going To Help Me?

You're a common computer user, system administrator, hacker or anyone else working on a Windows-based computer, and one day (a bad day) you notice that your computer has started doing weird things. It might show error messages for no reason, or your data gets messed up without you touching it. An alarm starts ringing in your head, and you go and grab an antivirus so you can scan the machine.

What if you could find and remove malware from your computer without any antivirus? The other scenario is simpler: you just want to check your computer to make sure nothing nasty is running around.

What Software Do I Need?

I've spent a lot of time looking for freeware for this purpose. Download:

1) Sysinternals Suite (we'll use Process Explorer and Autoruns from it)
2) CurrPorts

How Does Malware Operate?

Each type of malware works differently from the next, but I've found a common pattern in how malware starts operating:

*- When executed, it copies itself to a location where it blends in, such as C:\Windows\System32.

*- Then, it adds itself to the startup, usually via the registry.

*- Next, it will communicate back to the attacker or will just stay latent for some time.

*- Eventually, it will start doing what it's programmed to do.

It's not necessary for malware to follow this pattern, but most of it does.

Let's Start...

Once you've downloaded the tools above, extract them to a location of your choice and start your hunt.

If there's malware on your computer, it should be running in memory. Check all currently running programs with the Sysinternals tool 'Process Explorer', which shows almost every program currently running on the computer. Look for any suspicious process; you can often spot one by its name or by its properties (double-click it to see the image path, command line and parent process, and turn on Options > Verify Image Signatures so the Signer column tells you whether the binary is digitally signed; newer versions can also submit the hash to VirusTotal via 'Check VirusTotal'). Once you've found one, right-click it and select 'Search Online', which will tell you a lot about the process. Keep in mind that malware likes to borrow the names of legitimate Windows programs (svchost.exe, explorer.exe), so a familiar name running from an unusual path such as a user's Temp or AppData folder is a red flag, and so is an unsigned binary with a legitimate-sounding name.

Once you've checked a suspicious process and decided it could be malware, right-click it and select 'Kill Process' or 'Kill Process Tree'. This terminates the malware for now, but it does nothing about the malware coming back after a reboot.

In the next step, we make sure the malware doesn't start with the computer. Open another utility from the suite called 'Autoruns', which shows every single file that starts automatically in Windows: Run keys, services, scheduled tasks, drivers and more. As before, look for suspicious startup entries and check them with 'Search Online'. If you think an entry is bad, you can uncheck it to disable it (which is reversible) or right-click it and select 'Delete', which removes the entry so the file no longer runs automatically. Then locate the file on disk and delete it. If Windows refuses because the file is in use or protected, boot into Safe Mode and delete it from there. Watch out for malware that re-creates its startup entry as soon as you remove it; if the entry reappears, there is a second process or service you haven't found yet.

The last step is to check all currently open TCP and UDP ports, and the processes behind them, with 'CurrPorts' (mentioned above). CurrPorts not only shows which ports are open and which process owns each one, it also highlights suspicious entries (processes without version information or an icon, which legitimate software normally has) so you know what to check first.

Summary

If you follow all the steps properly, you'll hopefully be able to hunt down any malware on a machine. Note that this might prove difficult for inexperienced users.
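The three manual checks above (running processes, startup entries, open ports) and the kill-then-remove cleanup, scripted in PowerShell. This is an added example and not code from the original post; the article uses the GUI tools, and this is my own equivalent. It assumes an elevated PowerShell 5.1 or later session on Windows 8 / Server 2012 or newer (Get-NetTCPConnection and Get-NetUDPEndpoint need the NetTCPIP module); the function names and the C:\Quarantine folder are my own choices.

```powershell
# Added example, not from the original post: the same three checks done from an elevated
# PowerShell 5.1+ session on Windows 8 / Server 2012 or newer. Function names and the
# quarantine folder are my own choices, not anything the article prescribes.

# Folders malware commonly runs from; a process living here deserves a closer look.
$UserWritableDirs = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, "$env:USERPROFILE\Downloads", $env:PUBLIC)

# Step 1 (Process Explorer): running processes with image path, command line and Authenticode
# status; flag those that are unsigned/invalid or run from a user-writable folder.
function Get-SuspectProcess {
    Get-CimInstance Win32_Process | ForEach-Object {
        $path   = $_.ExecutablePath
        $status = 'NoPath'                  # System/Idle and some protected processes expose no path
        if ($path -and (Test-Path -LiteralPath $path)) {
            # On Windows 10 / PS 5+ this also honours catalog signatures; on older systems
            # catalog-signed Windows binaries report NotSigned, so expect some noise there.
            $status = (Get-AuthenticodeSignature -FilePath $path).Status
        }
        $inUserDir = [bool]($path -and ($UserWritableDirs | Where-Object { $path -like "$_\*" }))
        [pscustomobject]@{
            PID         = $_.ProcessId
            ParentPID   = $_.ParentProcessId
            Name        = $_.Name
            Path        = $path
            CommandLine = $_.CommandLine
            Signature   = $status
            Suspect     = (($status -ne 'Valid') -and ($status -ne 'NoPath')) -or $inUserDir
        }
    }
}

# Step 2 (the registry part of Autoruns): classic Run/RunOnce keys for machine and current
# user, plus both Startup folders. Autoruns covers far more (services, tasks, drivers, ...).
function Get-RunKeyEntry {
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        (Get-ItemProperty -Path $key).PSObject.Properties |
            Where-Object { $_.Name -notlike 'PS*' } |      # skip PowerShell's own PSPath/PSParentPath etc.
            ForEach-Object { [pscustomobject]@{ Location = $key; Name = $_.Name; Command = $_.Value } }
    }
    $startup = @("$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
                 "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup")
    Get-ChildItem -LiteralPath $startup -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Location = $_.DirectoryName; Name = $_.Name; Command = $_.FullName } }
}

# Step 3 (CurrPorts): TCP listeners/connections and UDP endpoints with the owning process.
function Get-OpenEndpoint {
    $tcp = Get-NetTCPConnection | Where-Object { $_.State -in 'Listen', 'Established' } | ForEach-Object {
        [pscustomobject]@{ Proto = 'TCP'; Local = "$($_.LocalAddress):$($_.LocalPort)";
                           Remote = "$($_.RemoteAddress):$($_.RemotePort)"; State = "$($_.State)"; PID = $_.OwningProcess }
    }
    $udp = Get-NetUDPEndpoint | ForEach-Object {
        [pscustomobject]@{ Proto = 'UDP'; Local = "$($_.LocalAddress):$($_.LocalPort)";
                           Remote = '*'; State = ''; PID = $_.OwningProcess }
    }
    @($tcp) + @($udp) | ForEach-Object {
        $p = Get-Process -Id $_.PID -ErrorAction SilentlyContinue
        $_ | Add-Member -NotePropertyName Process -NotePropertyValue $p.ProcessName -PassThru
    }
}

# Cleanup in the article's order: Kill Process Tree, then remove the autorun entry, then the
# file. The image is moved to a quarantine folder instead of deleted so it can still be analysed.
function Remove-SuspectPersistence {
    param(
        [Parameter(Mandatory)][int]$ProcessId,
        [string]$RunKey,                                      # e.g. HKCU:\SOFTWARE\...\CurrentVersion\Run
        [string]$ValueName,                                   # value under that key, from Get-RunKeyEntry
        [string]$Quarantine = "$env:SystemDrive\Quarantine"   # assumed path, pick your own
    )
    $path = (Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId").ExecutablePath
    & taskkill.exe /PID $ProcessId /T /F | Out-Null          # /T = whole process tree, /F = force
    if ($RunKey -and $ValueName) {
        $old = (Get-ItemProperty -Path $RunKey -Name $ValueName).$ValueName
        Write-Host "Removing $RunKey\$ValueName = $old"       # keep a record so it can be restored
        Remove-ItemProperty -Path $RunKey -Name $ValueName
    }
    if ($path -and (Test-Path -LiteralPath $path)) {
        New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null
        Move-Item -LiteralPath $path -Destination $Quarantine -Force   # if still in use: Safe Mode
    }
}

# Usage: review first, act only on a PID you have checked.
Get-SuspectProcess | Where-Object Suspect | Format-Table PID, ParentPID, Name, Signature, Path -AutoSize
Get-RunKeyEntry | Format-Table -AutoSize
Get-OpenEndpoint | Sort-Object Proto, Local | Format-Table -AutoSize
# Remove-SuspectPersistence -ProcessId 1234 -RunKey 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -ValueName 'Updater'
```

The signature check is a triage filter, not a verdict: legitimate unsigned software exists and signed malware does too, so the 'Search Online' step still applies to whatever this flags. Only the Run keys and Startup folders are enumerated here; keep using Autoruns for services, scheduled tasks, drivers and the other locations it covers.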
I also want to mention that there may be a lot of other ways to check for malware that you may know, but I just wanted to show you guys an easy way. For any support, suggestions or questions, you can always mail me at 'Usmanaura47@gmail.com'.