- FreeBooterSite Admin
How to Identify Malicious Software
If your computer starts to behave strangely, you might be experiencing malware infection symptoms or have other unwanted software installed on your computer. In the case of a Trojan horse program or a virus that disguises its source, you might not have such a clear-cut indicator. In those cases, you must be alert for changes in the behavior of your computer that could indicate the presence of a virus or a Trojan horse program.
The tendency of computers to do strange things for no apparent reason can complicate this task. Performance problems, system lockups, and odd error messages are far more likely to be caused by a buggy program or device driver than by a virus. Nevertheless, any time you observe any of the following symptoms, you should take steps to check for the presence of a rogue program:
- Unexpected disk access. By their nature, Trojan horse programs access hard disk files when the local user is doing nothing. However, many legitimate programs, including several components of Windows, also access the hard disk in the background. In some cases—for example, when the Windows Indexing Service is building its catalog of files for a drive—this activity can take a long, long time. If you notice sudden bursts of disk activity, try to trace the responsible application.
- Sudden system slowdowns. A virus or a Trojan horse program can sap system resources and make other activities painfully slow. Unfortunately, so can a wide variety of system configuration problems. If you notice performance problems, try to rule out the presence of a virus as one of the first steps in your troubleshooting process.
- Unexpected network traffic. Many forms of hostile software attempt to hijack your network connection—to spread virus code to other computers, for instance, or to use a Trojan horse program's file-transfer and keyboard logging capabilities to steal information. Unfortunately, a blinking red light on your network adapter is not a surefire sign of a malicious program at work; an increasing number of programs, including antivirus packages, include features that assume you have an always-on Internet connection and check for updates at regular intervals. If you see unexplained network traffic, try to identify its source. Many full-featured personal firewall programs offer excellent tools for identifying and, if necessary, blocking unwanted network connections.
- Changes in the size or name of program files. Viruses and worms spread by infecting other files. If you notice a change in the size or name of an executable file, the alteration could be a sign that the file has been infected (or that the original file has been deleted and replaced with an infected file). Although you aren't likely to notice this type of change by simply looking through file listings, some antivirus and firewall programs will alert you when they detect changes that resemble virus activity.
- Your computer is active for no apparent reason. When you're trying to figure out which application is responsible for a sudden burst of disk or CPU activity, your first stop should be the Processes list in Windows Task Manager. Press Ctrl+Shift+Esc and then click the Processes tab to display a list of all currently active processes. The CPU column shows what percentage of your CPU is in use by each process; by default, it's updated every second. To see which processes are hogging your computer, click the CPU heading twice to sort in descending order. Scroll to the top of the list and watch the display; processes that are currently active will float to the top of the list. If you can't identify an entry in the list of processes, don't assume that it's a hostile program. A much more likely explanation is that the process is a module from a program you installed.
- Typing in a URL to a specific website takes you somewhere else. You are probably infected.
- You begin getting lots of pop-up ads even when you aren't on the Internet. One especially nasty variety is a pop-up ad warning you that your computer is infected and instructing you to click on the offered antivirus (it's fake) to protect your computer. NEVER click anywhere on this pop-up, as any click will give you more trouble. Instead, shut down the pop-up through Task Manager.
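For the "unexpected network traffic" and "active for no apparent reason" symptoms above, the PowerShell sketch below (an added example, not part of the original tutorial) ties each established TCP connection to the process that owns it, along with that process's executable path and signature status. It assumes Windows 8 or later, where `Get-NetTCPConnection` is available, and an elevated prompt.

```powershell
# Added example: list established TCP connections with the owning process,
# its executable path and its Authenticode signature status.
# Without elevation the path of some system processes cannot be read and
# is reported as PathUnavailable.

$connections = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') }

$report = foreach ($conn in $connections) {
    # The process may have exited between the two calls.
    $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue

    $name      = '<exited>'
    $path      = $null
    $cpu       = $null
    $signature = 'PathUnavailable'

    if ($proc) {
        $name = $proc.ProcessName
        $path = $proc.Path
        $cpu  = $proc.CPU        # total CPU seconds used so far
    }
    if ($path) {
        $signature = (Get-AuthenticodeSignature -FilePath $path).Status
    }

    [pscustomobject]@{
        Process    = $name
        ProcessId  = $conn.OwningProcess
        CpuSeconds = $cpu
        Remote     = '{0}:{1}' -f $conn.RemoteAddress, $conn.RemotePort
        Signature  = $signature
        Path       = $path
    }
}

$report | Sort-Object Process, Remote | Format-Table -AutoSize -Wrap
```

A `NotSigned` status or an unfamiliar path is a reason to look more closely at that entry, not proof that it is hostile; as noted above, an unrecognized process is usually a module of a program you installed.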
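Changes in the size or name of program files are hard to spot by eye, so the check can be scripted. The following PowerShell script is an added example, not part of the original tutorial: the first run records the size and SHA-256 hash of every program file under a folder, and later runs report files that are new, changed or missing. The folder and baseline file names are placeholders.

```powershell
# Added example: baseline and re-check of program files (size + SHA-256).
# $Root and $BaselinePath are placeholder values; adjust them before use.
param(
    [string]$Root = 'C:\Program Files\ExampleApp',
    [string]$BaselinePath = "$env:USERPROFILE\exe-baseline.csv"
)

function Get-ExeSnapshot {
    param([string]$Path)
    Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Path   = $_.FullName
                Length = $_.Length
                SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$current = @(Get-ExeSnapshot -Path $Root)

# First run: record the baseline and stop.
if (-not (Test-Path -LiteralPath $BaselinePath)) {
    $current | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation
    Write-Output "Baseline written: $($current.Count) files -> $BaselinePath"
    return
}

# Later runs: index the baseline by path (hashtable keys ignore case).
$baseline = @{}
Import-Csv -LiteralPath $BaselinePath | ForEach-Object { $baseline[$_.Path] = $_ }

$findings = @(
    foreach ($file in $current) {
        $old = $baseline[$file.Path]
        if (-not $old) {
            [pscustomobject]@{ Status = 'New'; Path = $file.Path; OldSize = $null; NewSize = $file.Length }
        }
        elseif ($old.SHA256 -ne $file.SHA256) {
            [pscustomobject]@{ Status = 'Changed'; Path = $file.Path; OldSize = $old.Length; NewSize = $file.Length }
        }
        $baseline.Remove($file.Path)   # whatever remains afterwards is missing
    }
    foreach ($gone in $baseline.Values) {
        [pscustomobject]@{ Status = 'Missing'; Path = $gone.Path; OldSize = $gone.Length; NewSize = $null }
    }
)

if ($findings.Count -eq 0) { Write-Output 'No changes since the baseline.' }
else { $findings | Sort-Object Status, Path | Format-Table -AutoSize -Wrap }
```

A renamed file shows up as one `Missing` entry plus one `New` entry. Legitimate software updates also change hashes, so delete the baseline file and rerun the script after an update you installed yourself.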
The most reliable way to identify a virus, of course, is by scanning your system with an up-to-date antivirus program. This procedure will reliably detect any virus whose characteristics are included in the program's signature files. Virus scanning is not foolproof, however. Be aware of two potential problems:
- Undetected viruses. The process of creating virus signatures is reactive. After a new virus appears in the wild, software developers must pick it apart, analyze its behavior, add its characteristics to the signature file for their antivirus program, and make the new signature file available. Even if your antivirus program is configured to check for updates regularly, you could be unprotected from a new virus for a short period of time. This lapse in coverage can be extremely damaging in the crucial first few days of a widespread virus attack.
Because new viruses can crop up at any time, you should never rely on antivirus software alone to protect you from potential threats. To add multiple layers of protection, you should block executable e-mail attachments and be sure to install all security updates promptly.
- False positives. In some relatively rare circumstances, an antivirus scan can incorrectly alert you that a program file is infected with a virus when in fact the file is perfectly safe. False positives can usually be attributed to one of two problems: a signature file that contains an erroneous definition of a specific virus; or a heuristic scan that detects the activity of a legitimate program, such as an installer or disk utility, and flags it as a possible virus.
If you suspect that your computer has been infected with a virus, avoid using it to browse the Internet or send e-mail. If you are indeed infected, you risk spreading the virus far and wide by remaining connected to the Internet.
Whenever your antivirus software sounds an alarm, you should take it seriously, but you should also consider the possibility that it might not be the real thing. If the alert includes the name of the suspected virus, head for the antivirus software maker's Web site and try to find additional identifying characteristics of that virus to confirm whether it's actually present on your system. If you can't find a definitive answer, send the suspect file to your antivirus software vendor and ask them to confirm whether it's truly infected or a false positive. In addition, we can help to identify and remove malware infections on any device.