Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Nine Steps to Detect a Malware Infection

October 26, 2017

Even though an anti-virus application is installed on your computer, you could have an infection that it didn't catch. Your machine may start acting weird or just be plain slow. CSO has a great post that describes nice, easy steps to determine whether you have a malware infection.

  1. Make sure your computer has an active connection to the internet.
  2. Go to Sysinternals.com. It's a Microsoft site.
  3. Download Process Explorer and Autoruns. Both are free, as is everything on the site.
  4. Unzip these programs. If using Process Explorer, use procexp.exe. If using Autoruns, use autoruns.exe (autorunsc.exe is the command-line version).
  5. Right-click and run the program executable as Administrator, so it's running in the Administrator's security context.
  6. Run Process Explorer first (I'll explain Autoruns later). Select the Options menu at the top of the screen.
  7. Choose VirusTotal.com, then Check VirusTotal.com.
  8. This will submit all running executables to the VirusTotal website, which is run and maintained by Google. You'll get a message to accept the license; answer Yes. You can close the VirusTotal website that comes up and go back to Process Explorer.
  9. In Process Explorer, you'll see a column labeled VirusTotal. It will either say Hash Submitted (during the first few seconds) or give you a ratio, something like 0/67, 1/67, 14/66, and so on.

If your results are small (e.g. 1/64, 2/64), they are probably false positives. Take a closer look if your results are two or more. There are instructions for killing the malicious processes and even how to get rid of them if they won't "die" on the first attempt. Read the complete post for more detailed instructions.
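As an added example that is not part of this post (and not code from CSO or Sysinternals), the PowerShell below does an offline version of the same first pass the nine steps describe: it hashes the image of every running process (the SHA-256 is what VirusTotal looks up), checks its Authenticode signature, and flags anything unsigned or running from a user-writable folder. It also applies the post's rule of thumb to a VirusTotal ratio string, treating "two or more" as the cutoff, and shows the autorunsc.exe command line mentioned in step 4 for the persistence side. The autorunsc.exe path is a placeholder for wherever you unzipped it, and the CSV column name "Signer" is assumed from the Autoruns output; run it from an elevated PowerShell, as in step 5.

```powershell
# Added example, not from the post. Offline first pass over running processes:
# SHA-256 of each image (the value VirusTotal keys on), Authenticode status,
# and a flag for unsigned images or images in user-writable folders.

function Get-ProcessImageReport {
    [CmdletBinding()]
    param()

    # Folders an ordinary user can write to; a process image here deserves a look.
    $suspectRoots = @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA, "$env:SystemRoot\Temp")

    # Path is empty for protected processes (System, Registry, ...) so skip those.
    Get-Process | Where-Object { $_.Path } | Sort-Object Path -Unique | ForEach-Object {
        $path = $_.Path
        $sig  = Get-AuthenticodeSignature -FilePath $path
        $hash = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        $inSuspectRoot = $suspectRoots |
            Where-Object { $_ -and $path.StartsWith($_, [System.StringComparison]::OrdinalIgnoreCase) }

        [pscustomobject]@{
            Name      = $_.ProcessName
            Path      = $path
            SHA256    = $hash
            Signature = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
            Signer    = $sig.SignerCertificate.Subject
            Flag      = ($sig.Status -ne 'Valid') -or [bool]$inSuspectRoot
        }
    }
}

# The post's rule of thumb for a VirusTotal "detections/engines" ratio such as "1/67":
# a single hit is probably a false positive, two or more deserve a closer look.
# The threshold is the post's, not VirusTotal's.
function Test-VirusTotalRatio {
    param([Parameter(Mandatory)][string]$Ratio)

    if ($Ratio -notmatch '^(\d+)/(\d+)$') { return 'Hash Submitted (not scored yet)' }
    $hits = [int]$Matches[1]
    if     ($hits -eq 0) { 'Clean' }
    elseif ($hits -eq 1) { 'Probably a false positive; verify the publisher' }
    else                 { 'Two or more hits: take a closer look' }
}

# Persistence side, using the command-line Autoruns from step 4. Switches are from
# the autorunsc usage text: -a * all entry types, -c CSV output, -h show hashes,
# -s verify signatures, -v query VirusTotal, -vt accept the VirusTotal terms.
# $AutorunscPath is a placeholder; the "Signer" column name is assumed from the CSV.
function Export-AutorunsReport {
    param(
        [string]$AutorunscPath = 'C:\Tools\Sysinternals\autorunsc.exe',   # placeholder path
        [string]$OutFile       = "$env:USERPROFILE\Desktop\autoruns.csv"
    )

    & $AutorunscPath -accepteula -nobanner -a * -c -h -s -v -vt |
        Set-Content -Path $OutFile -Encoding UTF8

    # Return only entries whose signer Autoruns could not verify.
    Import-Csv -Path $OutFile | Where-Object { $_.Signer -notmatch '^\(Verified\)' }
}

# Usage: list flagged processes first, then unverified autostart entries.
Get-ProcessImageReport | Where-Object Flag | Format-Table Name, Signature, Path -AutoSize
Test-VirusTotalRatio -Ratio '1/67'
Export-AutorunsReport | Format-Table Entry, 'Image Path', Signer -AutoSize
```

A hit in the Flag column is a lead, not a verdict: plenty of legitimate updaters run unsigned from AppData, and a valid signature from an unfamiliar publisher still warrants a look at the VirusTotal ratio before you kill anything.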

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://www.senseient.com