How To Find Malicious Code

Video: Assisted Lab Identifying Malicious code 2024, November
Anonim

Viruses and Trojans are constantly evolving, so an antivirus product may well miss a fresh sample. Nevertheless, an attentive user can in many cases find and remove a malicious program on their own.


Necessary

anti-virus utilities

Instructions

Step 1

Signature-based antivirus detection only recognizes samples that are already in the vendor's database; heuristic and behavioral engines catch some of the rest, but a new or repacked sample can slip past both. An attentive user can still notice the side effects of malicious code running on the machine.

Step 2

Pay attention to any event on your computer that you cannot explain. For example, the firewall reports that an application is trying to access the network, or the network-activity indicator in the tray flashes while you are not opening any web pages. The computer may become very slow, and Task Manager shows high CPU load from a process you do not recognize. Any unexplained event of this kind should make you suspicious.

Step 3

First, open a Command Prompt (on Windows 7: Start - All Programs - Accessories - Command Prompt; on later versions, search for cmd). Before you do, close your browser and any other programs that use the Internet so that the list stays short. Enter the command netstat -ano (flag order does not matter, netstat -aon is the same command) to list all connections and listening ports together with the owning process ID. Review the list, paying particular attention to the open ports and the remote addresses you are connected to; connections in the ESTABLISHED state to unfamiliar remote addresses, and listening ports you cannot account for, are the ones to look at first. From an elevated (Administrator) prompt, netstat -anob also prints the name of the executable that owns each connection. Suspicious connections can often be spotted at this stage.

Step 4

Pay attention to the PID column, which holds the identifier of the process that owns each connection. Note the PID of the suspicious connection, then enter tasklist in the same window to list the running processes. Find that PID in the second column; the first column gives the image name of the process. The command tasklist /FI "PID eq 1234" filters the list to a single PID, and tasklist /svc shows which services run inside each svchost.exe instance, which matters because many unrelated services share that image name.
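The two steps above, joining netstat output to tasklist output by PID, as an added example that is not part of the original article. It parses the output of the exact commands the article uses, ignores listening sockets and loopback, private and link-local peers, and prints each remaining connection with the image name of the owning process. The two sample outputs embedded in the script are constructed (remote addresses are taken from documentation ranges, and updater.exe is an invented name); on a Windows host the script runs the real commands instead, assuming netstat and tasklist are on the PATH.

```python
"""
Correlate `netstat -ano` with `tasklist` to attribute connections to
processes (steps 3 and 4).  Added example, not part of the original
article.  The sample outputs below are constructed so the script runs
offline; on Windows, collect_live() runs the real commands instead
(assumption: both tools are on PATH).
"""
import ipaddress
import re
import subprocess
import sys

# Constructed sample of `netstat -ano` output (peers from RFC 5737 / RFC 1918 ranges).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:49670        127.0.0.1:49671        ESTABLISHED     3344
  TCP    192.168.1.10:49712     93.184.216.34:443      ESTABLISHED     3344
  TCP    192.168.1.10:49801     203.0.113.45:4444      ESTABLISHED     5120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    3344
"""

# Constructed sample of `tasklist` output (default table format, names may contain spaces).
SAMPLE_TASKLIST = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          8 K
System                           4 Services                   0        148 K
svchost.exe                    912 Services                   0     11,204 K
chrome.exe                    3344 Console                    1    120,440 K
updater.exe                   5120 Console                    1      4,512 K
"""

# Ranges that never point at a remote host on the Internet; anything else is "external".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::/128", "::1/128", "fe80::/10", "fc00::/7",
)]

# One data row of `tasklist`: image name (may contain spaces), PID, session name,
# session number, memory usage ending in " K".
TASKLIST_ROW = re.compile(r"^(?P<image>.+?)\s+(?P<pid>\d+)\s+\S+\s+\d+\s+[\d,]+ K\s*$")


def split_host_port(addr):
    """'1.2.3.4:443' -> ('1.2.3.4', '443'); '[::1]:135' -> ('::1', '135'); '*:*' -> ('*', '*')."""
    host, _, port = addr.rpartition(":")
    return host.strip("[]"), port


def is_external(host):
    """True if host is an IP address outside the loopback/private/link-local ranges above."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:            # '*' for an unconnected UDP socket, or a hostname
        return False
    return not any(ip in net for net in LOCAL_NETS)


def parse_netstat(text):
    """Parse `netstat -ano` rows into dicts; UDP rows carry no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue              # banner, header and blank lines
        state = parts[3] if parts[0] == "TCP" else ""
        rows.append({"proto": parts[0], "local": parts[1], "remote": parts[2],
                     "state": state, "pid": int(parts[-1])})
    return rows


def parse_tasklist(text):
    """Map PID -> image name from default `tasklist` output."""
    names = {}
    for line in text.splitlines():
        m = TASKLIST_ROW.match(line)
        if m:
            names[int(m.group("pid"))] = m.group("image").strip()
    return names


def external_connections(netstat_text, tasklist_text):
    """Join connections to image names by PID, keeping only those with an external peer."""
    names = parse_tasklist(tasklist_text)
    out = []
    for row in parse_netstat(netstat_text):
        host, port = split_host_port(row["remote"])
        if row["state"] == "LISTENING" or not is_external(host):
            continue
        out.append({**row, "remote_host": host, "remote_port": port,
                    "image": names.get(row["pid"], "<unknown>")})
    return out


def collect_live():
    """On Windows, run the two commands from the article (assumption: both on PATH)."""
    ns = subprocess.run(["netstat", "-ano"], capture_output=True, text=True, check=True).stdout
    tl = subprocess.run(["tasklist"], capture_output=True, text=True, check=True).stdout
    return ns, tl


if __name__ == "__main__":
    ns, tl = collect_live() if sys.platform == "win32" else (SAMPLE_NETSTAT, SAMPLE_TASKLIST)
    for c in external_connections(ns, tl):
        print(f"{c['proto']:4} pid={c['pid']:<6} {c['image']:<24} -> "
              f"{c['remote_host']}:{c['remote_port']} {c['state']}")
```

On the sample data the script lists two connections, chrome.exe to port 443 and updater.exe to port 4444; the second is the kind of entry the article tells you to chase. A PID that prints as <unknown> means the process exited between the two commands, so run both again from the same elevated prompt.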

Step 5

Knowing the process name, you can work out which program it belongs to; searching for the name on the web usually turns up what you need. Bear in mind that malware routinely borrows the names of legitimate Windows processes (svchost.exe, explorer.exe, lsass.exe) or uses names that look like them, so the name alone proves nothing: check the path of the executable (a "system" process that runs from a user profile or a temp folder rather than from C:\Windows\System32 is a strong sign) and whether the file carries a valid digital signature. If the evidence points to a virus or Trojan, you have found the malicious software. It remains to determine where it starts from, that is, which autostart entries launch it. The most common locations are the Run keys under HKCU\Software\Microsoft\Windows\CurrentVersion\Run and HKLM\Software\Microsoft\Windows\CurrentVersion\Run (reg query followed by the key path lists them), scheduled tasks, and services.

Step 6

The AnVir Task Manager utility provides very detailed information about processes. With it, you can find out the location of the file that started a process and the autostart keys in the registry that launch it. The utility also has its own detection for many known malicious programs and shows a risk rating for each running process; treat that rating as a hint rather than a verdict.

Step 7

The Process Hacker utility (now maintained under the name System Informer) is a good aid in finding malware. It shows all running processes with their identifiers and the files behind them, and lets you monitor network activity per process. Sysinternals Process Explorer offers a similar view, including the path and signature of each process's executable. A small utility called Process Hunter, which lets you view various types of processes, also has reasonable capabilities.

Step 8

The malicious process must be terminated, its file deleted, and the autostart entries that launch it removed; otherwise it simply returns at the next reboot. If the process restarts as soon as it is killed, or the file cannot be deleted because it is in use, boot into Safe Mode, where many autostart mechanisms are disabled, and remove it from there. Before deleting, keep a copy of the file or at least record its hash, and if you wish, send the file to antivirus vendors through the sample-submission forms on their websites; this helps other users avoid infecting their computers.
