Society of Robots - Robot Forum

General Misc => Misc => Topic started by: Admin on October 09, 2008, 04:58:11 AM

Title: advanced way to scan for hidden computer viruses
Post by: Admin on October 09, 2008, 04:58:11 AM
Not about robots, but I recommend everyone to do this whether you think you have a virus or not . . . You might find hidden stuff that you didn't know about . . .

I recently got a really nasty virus infection from a lame Java exploit. I visited a proxy site, and not soon after I got over 40+ trojans and viruses. The two hardest infections abused svchost.exe and services.exe, meaning they were darn hard to get rid of.

Besides using the traditional anti-virus software, and the firewall to identify programs that shouldn't be connecting to the internet, there are a few additional programs I learned about that really helped.

The first is HijackThis, which gives you a list of all the processes that run when you start up your computer. You can also remove the useless processes to speed up your PC a bit:
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html


Process Explorer lets you know what processes are currently running, exactly what resources they use, the file locations of each program, etc.
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx



Hope someone finds this stuff useful!
Title: Re: advanced way to scan for hidden computer viruses
Post by: paulstreats on October 09, 2008, 02:39:50 PM
Just to add to this list:

I often get people asking me to sort out their computers for them. My latest favourite is the Malwarebytes Anti-Malware free edition. It includes a scanner and remover, but the real-time monitor is disabled in the free edition (which I wouldn't use anyway).

Get it here: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

After I used the installed antivirus and anti-spyware on a PC not long ago, I ran the antimalware above and it found/removed another 84 viruses (at least 20 of them were Vundo variants, which infect, amongst other things, TCP/IP sockets).

Also I used to use SuperAntiSpyware before I found the one above.

If you have a scanner that finds something that you can't remove (or you have a scanner and don't want to pay to get it upgraded as a remover), then find the virus or spyware here:

http://www.spywaredb.com/spyware-list-1/

It will tell you how to manually remove it explaining what system processes to kill, files to delete and registry entries to delete!

Title: Re: advanced way to scan for hidden computer viruses
Post by: izua on October 09, 2008, 02:46:04 PM
Also
-services.msc (only available in xp and further)
-regedit (check run, runonce in all hives)
-msconfig

They basically list all programs that start up with windows. For a virus to run, it must start (like any other program), so it convinces windows to start it the next boot.
If you uncheck a program / disable a service / delete a reg key and it reappears, that's the best indicator you have a virus/trojan/whatever.

If you can't run regedit although you are admin, that's another sign of knowing your box is screwed. You can copy it from system32 to somewhere else, rename it and it will (usually) run.

Careful with those reg keys though.
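
An added example for the check described in the post above (not part of the original post): a read-only PowerShell listing of the Run and RunOnce values in HKLM and every loaded user hive, compared against a saved snapshot so that an entry which comes back after you deleted it stands out. The baseline file name `autoruns-baseline.csv` is an assumption made for this example; services and msconfig entries are not covered.

```powershell
# Added example: snapshot Run/RunOnce autostart values and report any that
# were not in the previous snapshot. Reads the registry only, changes nothing.
# $BaselinePath is a hypothetical file name chosen for this example.
$BaselinePath = Join-Path $env:USERPROFILE 'autoruns-baseline.csv'

$subKeys = @(
    'Software\Microsoft\Windows\CurrentVersion\Run',
    'Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

# HKLM plus every user hive currently loaded under HKEY_USERS.
$roots = @('Registry::HKEY_LOCAL_MACHINE')
$roots += Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -notlike '*_Classes' } |
    ForEach-Object { "Registry::$($_.Name)" }

function Get-AutorunEntry {
    foreach ($root in $roots) {
        foreach ($sub in $subKeys) {
            # Missing or unreadable keys are skipped rather than reported.
            $key = Get-Item -LiteralPath "$root\$sub" -ErrorAction SilentlyContinue
            if (-not $key) { continue }
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Key     = $key.Name
                    Name    = $name
                    Command = [string]$key.GetValue($name)
                }
            }
        }
    }
}

$current = @(Get-AutorunEntry)

if (Test-Path -LiteralPath $BaselinePath) {
    # Index the old snapshot, then print entries that were not in it.
    $known = @{}
    Import-Csv -LiteralPath $BaselinePath |
        ForEach-Object { $known["$($_.Key)|$($_.Name)|$($_.Command)"] = $true }
    $current |
        Where-Object { -not $known.ContainsKey("$($_.Key)|$($_.Name)|$($_.Command)") } |
        Format-List Key, Name, Command
} else {
    $current | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation
    "Baseline of $($current.Count) entries saved to $BaselinePath"
}
```

Run it once right after removing the suspect entry to save the baseline, then again after a reboot; delete the CSV to take a fresh snapshot. Hives of users who are not logged on are not loaded under HKEY_USERS and are not seen.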
Title: Re: advanced way to scan for hidden computer viruses
Post by: pomprocker on October 09, 2008, 03:20:25 PM
Hmm, I'm a comp sci major, and I don't seem to know much about battling this stuff :(

maybe cause I have a mac :P
Title: Re: advanced way to scan for hidden computer viruses
Post by: stan on October 09, 2008, 03:37:47 PM
I use Avast.....keeps the viruses to a minimum ...best part home version is free....

Norton was 80.00 and I got viruses all the time....
Title: Re: advanced way to scan for hidden computer viruses
Post by: pomprocker on October 09, 2008, 04:47:19 PM
I always refer people to google. They have everything.

http://pack.google.com/intl/en/pack_installer.html
Title: Re: advanced way to scan for hidden computer viruses
Post by: izaktj on October 10, 2008, 01:00:33 AM
HijackThis is awesome! It helped me a lot in getting rid of a nasty Virtumonde infection.
Title: Re: advanced way to scan for hidden computer viruses
Post by: Admin on October 10, 2008, 08:07:09 AM
Thanks pomprocker on the heads up for Spyware Doctor, it found another ~20 trojans on my PC . . . gasp . . .

I already was using Norton Corporate Edition (got it free and unlimited from work), which had found many of the others.

The Smitfraudfix.exe I mentioned earlier, at least the copy I got from a very trusted/knowledgeable friend who claimed it was clean and will fix my probs, was infected with IEDefender.exe . . . still trying to get rid of it :-[
I edited my first post to no longer include that program because I can't guarantee it's clean from any particular download site . . .

After all the above, I ran MalwareBytes (a 2+ hour scan), but it didn't find anything new.


I guess the lessons I learned were:
being paranoid doesn't work, even the most trusted software can be hijacked - you WILL get a virus
use multiple anti-virus/malware programs, no such thing as a 'cure all' program
Title: Re: advanced way to scan for hidden computer viruses
Post by: airman00 on October 10, 2008, 09:57:15 AM
I guess the lessons I learned were:
being paranoid doesn't work, even the most trusted software can be hijacked - you WILL get a virus
use multiple anti-virus/malware programs, no such thing as a 'cure all' program

and run Mac OSX ;)
Title: Re: advanced way to scan for hidden computer viruses
Post by: izua on October 10, 2008, 11:28:15 AM
yeah, mac os x, or you can use the original thing that evolved from the same root as os x - a unix distro. you have the advantage of knowing how every bit of software in it works, including the kernel.