
Viruses and malware

Revision as of 08:24, 11 July 2008 by Christopher Hunt (talk | contribs) (Added cleaning steps)

First question: Is it actually malware?

Cleaning

Malware Pack is great as long as it's up-to-date, but I find it much more thorough to clean things manually.

  • Back up files & data.
  • Install SAV, update it, and run a full scan. Just because nothing is found doesn't mean that nothing is there.
  • Install Spybot, do a full scan.
  • Install and run HijackThis, save a log file, and check the log against HijackThis.de. If you have the time and courage, look over the entries manually. If a filename looks suspicious, google it and look at the number of results returned (thousands or millions?) and the website titles for any indication of whether the file is legitimate.
  • In Windows Explorer, check C:\WINDOWS and C:\WINDOWS\system32 for suspicious files: 1) In Details view, sort files by date modified and look around the month the problems started appearing. Generally, only DLL and EXE files are dangerous. 2) Show the Comments and Company Info columns. Malware often leaves these fields empty (although an author could easily fill them in). 3) Scan filenames for gibberish or "unprofessional" names; much malware can be spotted by an obvious filename alone.
  • Check for rootkits: Sysinternals RootkitRevealer
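As an added example (not part of this wiki page), a PowerShell script that automates the Windows Explorer step above: it lists EXE and DLL files in C:\WINDOWS and C:\WINDOWS\system32 modified inside a chosen date window, shows the Company and Comments version fields, flags names that look like gibberish, and additionally checks each file's Authenticode signature, which the page does not mention. The date window, directory list and the name heuristic are assumptions to tune for the machine at hand.

```powershell
# Added example, not from the wiki page. Run from an elevated PowerShell
# prompt; set -Since/-Until to bracket the month the problems started.
param(
    [datetime]$Since = (Get-Date).AddDays(-30),        # assumed window
    [datetime]$Until = (Get-Date),
    [string[]]$Dirs  = @("$env:SystemRoot", "$env:SystemRoot\system32"),
    [string]$Report  = "$env:USERPROFILE\Desktop\file-triage.csv"
)

# Crude "gibberish name" test (an assumption, not a rule): no vowels at
# all, or letters and digits interleaved, e.g. "xk3f9a.exe".
function Test-GibberishName {
    param([string]$BaseName)
    $n = $BaseName.ToLowerInvariant()
    return ($n -notmatch '[aeiouy]') -or ($n -match '[a-z]\d[a-z]\d')
}

$results = foreach ($dir in $Dirs) {
    Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        Where-Object { $_.LastWriteTime -ge $Since -and $_.LastWriteTime -le $Until } |
        ForEach-Object {
            $vi    = $_.VersionInfo                      # Company/Comments columns
            $sig   = Get-AuthenticodeSignature -FilePath $_.FullName
            $flags = @()
            if (-not $vi.CompanyName -and -not $vi.FileDescription) { $flags += 'no-version-info' }
            if ($sig.Status -ne 'Valid') { $flags += "sig:$($sig.Status)" }
            if (Test-GibberishName $_.BaseName) { $flags += 'odd-name' }
            [pscustomobject]@{
                Modified = $_.LastWriteTime
                Path     = $_.FullName
                Company  = $vi.CompanyName
                Comments = $vi.Comments
                Flags    = ($flags -join ',')
            }
        }
}

# Newest first, flagged files on top, and a CSV to keep with the case notes.
$sorted = $results | Sort-Object @{Expression = { $_.Flags -eq '' }}, Modified -Descending
$sorted | Format-Table -AutoSize
$sorted | Export-Csv -Path $Report -NoTypeInformation
```

Treat the signature column as a hint rather than a verdict: some legitimate Windows files are signed through catalogs and may be reported as NotSigned, while a file that passes every check here can still be malicious, so the flagged list is a starting point for the manual look-over, not a replacement for it.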

That's the most steps I normally do. If you have more, just add or modify them. --Hunt, Christopher 09:24, 11 July 2008 (EDT)