Author Topic: advanced way to scan for hidden computer viruses  (Read 8506 times)


Offline Admin (Topic starter)

advanced way to scan for hidden computer viruses
« on: October 09, 2008, 04:58:11 AM »
Not about robots, but I recommend everyone to do this whether you think you have a virus or not . . . You might find hidden stuff that you didn't know about . . .

I recently got a really nasty virus infection from a lame Java exploit. I visited a proxy site, and not soon after I got over 40+ trojans and viruses. The two hardest infections abused svchost.exe and services.exe, meaning they were darn hard to get rid of.

Besides using the traditional anti-virus software, and the firewall to identify programs that shouldn't be connecting to the internet, there are a few additional programs I learned about that really helped.

The first is HijackThis, which gives you a list of all the processes that run when you start up your computer. You can also remove the useless processes to speed up your PC a bit:
http://www.download.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html



Process Explorer lets you know what processes are currently running, exactly what resources they use, the file locations of each program, etc.
http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx




Hope someone finds this stuff useful!
« Last Edit: October 10, 2008, 02:33:09 AM by Admin »

Offline paulstreats

Re: advanced way to scan for hidden computer viruses
« Reply #1 on: October 09, 2008, 02:39:50 PM »
Just to add to this list:

I often get people asking me to sort out their computers for them. My latest favourite is the Malwarebytes Anti-Malware free edition. It includes a scanner and remover, but the real-time monitor is disabled in the free edition (which I wouldn't use anyway).

Get it here : http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

After I used the installed antivirus and anti-spyware on a PC not long ago, I ran the anti-malware above and it found/removed another 84 viruses (at least 20 of them were Vundo variants, which infect amongst other things TCP/IP sockets).

Also, I used to use SUPERAntiSpyware before I found the one above.

If you have a scanner that finds something that you can't remove (or you have a scanner and don't want to pay to get it upgraded as a remover), then find the virus or spyware here:

http://www.spywaredb.com/spyware-list-1/

It will tell you how to manually remove it explaining what system processes to kill, files to delete and registry entries to delete!


Offline izua

Re: advanced way to scan for hidden computer viruses
« Reply #2 on: October 09, 2008, 02:46:04 PM »
Also
-services.msc (only available in xp and further)
-regedit (check run, runonce in all hives)
-msconfig

They basically list all programs that start up with windows. For a virus to run, it must start (like any other program), so it convinces windows to start it the next boot.
If you uncheck a program / disable a service / delete a reg key and it reappears, that's the best indicator you have a virus/trojan/whatever.

If you can't run regedit although you are admin, that's another sign of knowing your box is screwed. You can copy it from system32 to somewhere else, rename it and it will (usually) run.

Careful with those reg keys though.
Check out my homepage for in depth tutorials on microcontrollers and electronics.
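
The startup-entry check described in the reply above, as an added example that is not part of the original thread: it records the Run/RunOnce values and auto-start services once the machine is believed clean, then on later runs reports anything that has appeared or changed since, which is how a deleted entry that comes back shows up. The baseline file location and the function name `Get-AutostartEntry` are assumptions made for this example.

```powershell
# Added example (not from the thread). Run once after cleanup to save a
# baseline, then again after a reboot to list entries that came back.
$BaselinePath = Join-Path $env:USERPROFILE 'autostart-baseline.xml'  # assumed path; keeping a copy offline is safer

$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntry {
    # Registry autostart values (what regedit and msconfig show)
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = $item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            [pscustomobject]@{ Id = "$key|$name"; Source = $key; Name = $name; Command = [string]$cmd }
        }
    }
    # Services set to start automatically (what services.msc shows)
    foreach ($svc in Get-CimInstance -ClassName Win32_Service -Filter "StartMode='Auto'") {
        [pscustomobject]@{ Id = "Service|$($svc.Name)"; Source = 'Service'; Name = $svc.Name; Command = [string]$svc.PathName }
    }
}

$current = @(Get-AutostartEntry)

if (-not (Test-Path -LiteralPath $BaselinePath)) {
    $current | Export-Clixml -LiteralPath $BaselinePath
    "Baseline of $($current.Count) entries saved to $BaselinePath"
    return
}

# Hashtable keys are case-insensitive, matching registry and service names
$known = @{}
foreach ($e in @(Import-Clixml -LiteralPath $BaselinePath)) { $known[$e.Id] = $e.Command }

foreach ($e in $current) {
    if (-not $known.ContainsKey($e.Id)) {
        "NEW OR REAPPEARED: [$($e.Source)] $($e.Name) = $($e.Command)"
    } elseif ($known[$e.Id] -ne $e.Command) {
        "CHANGED: [$($e.Source)] $($e.Name): '$($known[$e.Id])' -> '$($e.Command)'"
    }
}
```

HKCU covers only the account running the script, so run it once per user profile; an entry flagged here still needs its file path checked before anything is deleted.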

Offline pomprocker

Re: advanced way to scan for hidden computer viruses
« Reply #3 on: October 09, 2008, 03:20:25 PM »
Hmm, I'm a comp sci major, and I don't seem to know much about battling this stuff :(

maybe cause I have a mac :P

Offline stan

Re: advanced way to scan for hidden computer viruses
« Reply #4 on: October 09, 2008, 03:37:47 PM »
I use Avast... keeps the viruses to a minimum... best part, home version is free...

Norton was 80.00 and I got virus all the time...
I have a brain tumor and whats your excuse?

Offline pomprocker

Re: advanced way to scan for hidden computer viruses
« Reply #5 on: October 09, 2008, 04:47:19 PM »
I always refer people to google. They have everything.

http://pack.google.com/intl/en/pack_installer.html

Offline izaktj

Re: advanced way to scan for hidden computer viruses
« Reply #6 on: October 10, 2008, 01:00:33 AM »
HijackThis is awesome! It helped me a lot for getting rid of a nasty Virtumonde infection.

Offline Admin (Topic starter)

Re: advanced way to scan for hidden computer viruses
« Reply #7 on: October 10, 2008, 08:07:09 AM »
Thanks pomprocker on the heads up for Spyware Doctor, it found another ~20 trojans on my PC . . . gasp . . .

I already was using Norton Corporate Edition (got it free and unlimited from work), which had found many of the others.

The Smitfraudfix.exe I mentioned earlier, at least the copy I got from a very trusted/knowledgeable friend who claimed it was clean and will fix my probs, was infected with IEDefender.exe . . . still trying to get rid of it :-[
I edited my first post to no longer include that program because I can't guarantee it's clean from any particular download site . . .

After all the above, I ran MalwareBytes (a 2+ hour scan), but it didn't find anything new.


I guess the lessons I learned were:
being paranoid doesn't work, even the most trusted software can be hijacked - you WILL get a virus
use multiple anti-virus/malware programs, no such thing as a 'cure all' program

Offline airman00

Re: advanced way to scan for hidden computer viruses
« Reply #8 on: October 10, 2008, 09:57:15 AM »
I guess the lessons I learned were:
being paranoid doesn't work, even the most trusted software can be hijacked - you WILL get a virus
use multiple anti-virus/malware programs, no such thing as a 'cure all' program

and run Mac OSX ;)
Check out the Roboduino, Arduino-compatible board!


Link: http://curiousinventor.com/kits/roboduino

www.Narobo.com

Offline izua

Re: advanced way to scan for hidden computer viruses
« Reply #9 on: October 10, 2008, 11:28:15 AM »
yeah, mac os x, or you can use the original thing that evolved from the same root as os x - a unix distro. you have the advantage of knowing how every bit of software in it works, including the kernel.
Check out my homepage for in depth tutorials on microcontrollers and electronics.

 

