The Sysinternals web site was created in 1996 by Mark Russinovich and Bryce Cogswell to host their advanced system utilities and technical information. Whether you're an IT Pro or a developer, you'll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.
While the Windows Sysinternals site contains many useful tools for troubleshooting and diagnosis, there are three that are must-haves for any PC user. With a bit of reading, any user can get a grip on what they are and how to work them. Those three essential tools are:
Autoruns - See what programs are configured to start automatically when your system boots and you log in. Autoruns also shows you the full list of Registry and file locations where applications can configure auto-start settings.
Process Explorer - Find out what files, registry keys and other objects processes have open, which DLLs they have loaded, and more. This uniquely powerful utility will even show you who owns each process.
Process Monitor - Monitor file system, Registry, process, thread and DLL activity in real time.
These tools are by no means automatic like the expensive anti-virus/anti-malware utilities out there, but they give you the means to ferret out a PC infection for free. The only investment is your time, which a virus or malware will have already stolen.
These and all the other tools found on the Windows Sysinternals site are free to download and use. I urge you to acquire at least the three listed in this post and read the web page that each link will lead you to. These three tools at least are very easy to learn and use.
I've found these tools so valuable that I have had them on all of my PCs and a number of thumb drives for several years, since I first learned about them. I also saved each tool's web page as a text file so I have a copy of the instructions as well. They are also regularly updated, so it is a good idea to re-visit the Windows Sysinternals site every now and then to get the latest versions.
If you believe you have a bug, use the following notes to root it (or them) out:
* Disconnect from the network
* Identify any malicious processes and drivers (see "Tools Used" below)
* Terminate identified processes
* Identify and delete malware autostarts
* Delete malware files
* Reboot, rinse 'n' repeat
Investigate processes that:
* Have no icon
* Have no description or company name
* Are unsigned images that claim to be from Microsoft
* Live in the Windows directory or the user profile
* Are packed
* Include strange URLs in their strings
* Have open TCP/IP endpoints
* Host suspicious DLLs or services
Tools Used:
1) Process Explorer
   * Put suspected malicious processes to sleep first (Suspend) rather than killing them straight away; malware often runs as a pair of processes that restart each other when one is terminated, and a suspended process cannot do that
   * Record the full path to each malicious EXE and DLL
   * Once every candidate is suspended, terminate them
   * Watch closely for returning candidates (using Process Monitor)
2) Autoruns
   * Turn on "Include empty locations" so every autostart location is listed, even those not currently in use
3) Process Monitor
   * Hover over items in the list for tooltip info (full path)
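The "Investigate processes that" checklist above can be run as a first pass before opening Process Explorer. The script below is an added example, not from the original post or from Sysinternals; it uses only built-in cmdlets (Get-Process, Get-AuthenticodeSignature, Get-NetTCPConnection) to flag running processes that match several of the heuristics, and assumes Windows PowerShell 5.1 or later on Windows 8 / Server 2012 or newer, run from an elevated prompt. The function name Get-SuspectProcess is my own.

```powershell
# Added triage helper, not part of the original post. Assumes Windows PowerShell 5.1+
# on Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated prompt;
# processes whose image path cannot be read are skipped rather than assessed.
function Get-SuspectProcess {
    foreach ($p in Get-Process) {
        try {
            $path = $p.Path
            if (-not $path) { continue }            # protected or inaccessible process
            $reasons = New-Object System.Collections.Generic.List[string]
            # No description or company name in the version resource
            if (-not $p.Description -or -not $p.Company) {
                $reasons.Add('no description/company')
            }
            # Unsigned image; also note when the company field claims Microsoft anyway.
            # Caveat: on older Windows, catalog-signed OS binaries can show as NotSigned here;
            # confirm with Process Explorer's Verified Signer column before acting.
            $sig = Get-AuthenticodeSignature -FilePath $path
            if ($sig.Status -ne 'Valid') {
                $reasons.Add("signature $($sig.Status)")
                if ($p.Company -like '*Microsoft*') { $reasons.Add('claims Microsoft but unsigned') }
                if ($path -like "$env:windir\*")    { $reasons.Add('unsigned image in Windows directory') }
            }
            # Runs from the user profile (AppData, Temp, Downloads, ...)
            if ($path -like "$env:USERPROFILE\*") { $reasons.Add('runs from user profile') }
            # Open TCP endpoints: listening sockets or established connections
            $tcp = @(Get-NetTCPConnection -OwningProcess $p.Id -ErrorAction SilentlyContinue |
                     Where-Object { $_.State -in 'Listen', 'Established' })
            if ($tcp.Count -gt 0) {
                $ends = $tcp | ForEach-Object { "$($_.State) $($_.RemoteAddress):$($_.RemotePort)" } |
                        Select-Object -Unique
                $reasons.Add("TCP: $($ends -join ',')")
            }
            # URLs embedded in the image, a rough stand-in for Process Explorer's Strings tab
            $urls = [regex]::Matches([System.IO.File]::ReadAllText($path), 'https?://[A-Za-z0-9._\-/]+') |
                    ForEach-Object { $_.Value } | Select-Object -Unique
            if ($urls) { $reasons.Add("URLs: $($urls -join ',')") }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{ PID = $p.Id; Name = $p.ProcessName; Path = $path; Reasons = $reasons -join '; ' }
            }
        } catch { }                                 # access denied etc.: skip, do not abort the sweep
    }
}

# Flagged processes, most hits first; verify each in Process Explorer before suspending or terminating
Get-SuspectProcess | Sort-Object { ($_.Reasons -split '; ').Count } -Descending | Format-Table -Wrap -AutoSize
```

A hit is a reason to look closer, not proof of malware: legitimate software is sometimes unsigned or runs from AppData, so treat the list as the set of candidates for the Process Explorer and Autoruns steps above.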
Last but certainly not least: Malwarebytes Anti-Malware, also known as MBAM, has both a free and a premium version of its awesome anti-malware toolkit.
If you have any questions or problems you want to raise, please do so in the Virus + Security Discussion Forum. Thanks!
