How would YOU do a random check on your PC?

Dear Forum,

How would YOU undertake a random check on your PC for viruses, malware, spyware etc.?

Which programmes or processes would you use?

Before you write ‘I only check my system when I see symptoms…’, consider the emphasis on how WOULD you undertake a random check.

Here is my list of thoughts… I would be keen to hear any suggestions…

  • full boot-time scan with Avast
  • full scan with Malwarebytes Anti-Malware
  • scan with HijackThis and upload analysis to www.hijackthis.de

Enjoy the weekend!

Avastfan1

I do this every month or two, just to check the system health. I haven’t recently been at all concerned about “symptoms”; that would prompt a more exhaustive check, but for a basic random check I

  • Run a quick scan with Avast, and
  • Run a quick check with MBAM.

Nothing is ever found. The odd FP over 3 years. Investigation usually relegates that to FP status fairly quickly.

When checking a different, unknown computer, the approach is a little different, and starts with MBAM installed via a flash drive, and then go from there.

Run a full AV scan

Run a full MBAM scan

And if I want a third opinion, run an on-line scan with NOD32.

What about G Data? They have your engine.

http://rejzor.freeforums.eu/malware-and-spyware-cleaning-lab-f14/general-malware-cleaning-quick-guide-t6.htm

This is pretty much how I do it. Not on my system, but it’s fun to watch how the number of detections increases :slight_smile: Then I run Process Explorer and Autoruns and clean up the junk that’s autorunning and restoring itself on startup. So far, unless file infectors are involved, this has worked pretty well. For file infectors, the only way to do it is to take out the hard drive (if it’s bootable), place it in some other system and clean it there without running anything from it. It’s usually best to restore infected executables from backup or from the original Windows disc if Sality or Virut are involved. Other, simpler infectors can be cleaned fully.

I’m surprised that avast! isn’t listed as one of the tools to use in your General Malware Cleaning Guide. ???

Me? First I would check my tasklist for any suspicious processes. I pretty much remember all the system ones I have. Just in case, here is the list as of WinXP. Then, I run a full check with MBAM and an Avast boot-time scan, and take a cup of coffee/tea/cola/whatever-the-heck while it does it. Next, I go dig in my Windows directory. Anyone interested may get the full list of its files here (it uses forward slashes instead of backward ones here… GNU coreutils. But you’ll get it). There were some minor changes in later Windows versions, but… Then, I run “netstat /b” to see if anything uses the network which I didn’t run. There are a few other checks to run, but usually this is all that’s necessary.
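As an added example (not part of the post above), here is a PowerShell equivalent of the “netstat /b” step: list established TCP connections with the owning process name and image path, and flag anything whose image is not under the Windows or Program Files trees. It uses Get-NetTCPConnection, which needs Windows 8 / Server 2012 or later and an elevated prompt to see other users’ processes; the “trusted roots” list is an assumption of this example, not a rule from the thread.

```powershell
# Added example: "netstat /b" style view of who is talking on the network.
# Assumes Get-NetTCPConnection is available (Win8+/Server 2012+) and that
# the shell is elevated so Get-Process can resolve every owning process.

$procs = @{}
Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

# Image roots we treat as "expected"; this list is an assumption of the example.
$trustedRoots = @("$env:SystemRoot\", "$env:ProgramFiles\", "${env:ProgramFiles(x86)}\") |
    Where-Object { $_.Length -gt 1 }   # drop an empty ProgramFiles(x86) on 32-bit Windows

Get-NetTCPConnection -State Established | ForEach-Object {
    $p = $procs[[int]$_.OwningProcess]
    # .Path is $null for protected/system processes (and for other users' processes when not elevated).
    $path = if ($p) { $p.Path } else { $null }

    $inTrusted = $false
    if ($path) {
        foreach ($root in $trustedRoots) {
            if ($path.StartsWith($root, [System.StringComparison]::OrdinalIgnoreCase)) { $inTrusted = $true }
        }
    }

    [pscustomobject]@{
        Local   = "$($_.LocalAddress):$($_.LocalPort)"
        Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
        PID     = $_.OwningProcess
        Process = if ($p) { $p.ProcessName } else { '?' }
        Path    = $path
        Flag    = if (-not $path) { 'no image path (system/protected?)' }
                  elseif (-not $inTrusted) { 'image outside Windows/Program Files' }
                  else { '' }
    }
} | Sort-Object Flag -Descending | Format-Table -AutoSize
```

A flag here is a prompt to look closer, not a verdict: a browser installed per-user under AppData will show up as “outside Program Files”, while malware that injects into a trusted process will not be flagged at all, so this complements rather than replaces Process Explorer and an AV scan.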

Update Avast and Malwarebytes.

Disconnect from net.

Delete all junk files on all users.

Run Avast and Malwarebytes full scan.

Thank you all for the contributions. Much appreciated.

Best wishes,

Avastfan1

Run Windows Cleanup! (set to clean all users)

Manually check registry for malicious “run on startup” items

Quick MBAM

Quick Avast scan

That’s about it for a computer that doesn’t seem to be infected by anything.

Could you kindly provide specific instructions how to do this?

Well, I can’t really. Over the years, I’ve pretty much learned what’s good and what isn’t. You could do it of course, but I guess you’ll have to do research on everything you see in there, until you get familiar with the regular processes.

Anyway, everything that runs on startup of the machine is in HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Everything that starts up for a particular user (when you’re logged in as said user) is in HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Just take a look at where the files are, and what it’s named. If it’s got a really screwy name, and is in a strange place (like a temp folder for example), then it’s probably bad.

Just look at the actual file names and do google searches for the ones that you aren’t familiar with. After a while, you’ll memorize the good ones, and the bad ones will stick out like a sore thumb (because it will likely be the first time you’ve seen it).

It’s also a good place to remove unneeded startup entries, like quicktime or something like an audio control panel (if you don’t use it). Lots of things get in this list that really aren’t necessary. It’s just something that you have to take your time with and learn I guess.

If you’re using WinPatrol, simply check the startup items category.
If you aren’t using WinPatrol, you should start. :slight_smile: ;D
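The manual Run-key check described above, written out as an added PowerShell example (not code from the thread or from WinPatrol): it walks the machine and current-user Run/RunOnce keys, pulls the image path out of each command line, and flags entries whose file is missing, sits in a temp or profile folder, or has no valid Authenticode signature. The list of “suspicious” folders and the choice of keys are assumptions of this example; Autoruns covers many more locations.

```powershell
# Added example: enumerate the usual autostart Run keys and flag the odd ones.
# The folder list and the set of keys below are assumptions of this example.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders where a legitimate autostart image rarely lives (assumption).
$suspectDirs = @($env:TEMP, "$env:LOCALAPPDATA\Temp", "$env:USERPROFILE\Downloads",
                 $env:PUBLIC, "$env:SystemRoot\Temp") | Where-Object { $_ }

# Properties Get-ItemProperty adds that are not registry values.
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Resolve-ImagePath([string]$command) {
    # Extract the executable from forms like  "C:\x\app.exe" /arg  and  C:\x\app.exe /arg
    $cmd = [Environment]::ExpandEnvironmentVariables($command.Trim())
    if ($cmd.StartsWith('"')) {
        $close = $cmd.IndexOf('"', 1)
        if ($close -gt 1) { return $cmd.Substring(1, $close - 1) }
        return $cmd.Trim('"')
    }
    $m = [regex]::Match($cmd, '^(.+?\.(exe|com|bat|cmd|vbs|js|dll|scr))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($cmd -split '\s+')[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }
        $image = Resolve-ImagePath ([string]$p.Value)
        $flags = @()
        if (-not $image -or -not (Test-Path -LiteralPath $image)) {
            $flags += 'image not found'
        } else {
            foreach ($d in $suspectDirs) {
                if ($image.StartsWith($d, [System.StringComparison]::OrdinalIgnoreCase)) { $flags += "lives under $d" }
            }
            $sig = Get-AuthenticodeSignature -LiteralPath $image
            if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
        }
        [pscustomobject]@{
            Key   = $key
            Name  = $p.Name
            Image = $image
            Flags = ($flags -join '; ')
        }
    }
}
```

Two caveats a practitioner would want: an entry that launches rundll32.exe or wscript.exe with a malicious argument resolves to a signed Windows binary and passes every check here, so read the full command line for those; and “signature: NotSigned” is common for small legitimate utilities, so treat it as a reason to look the file up, not as a verdict.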

Thank you both for the suggestions/information.

There are three items in ‘My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\run’:

  1. Name:(Default) Type: REG_SZ Data: (Value not set)
  2. Name:ctfmon.exe Type: REG_SZ Data: C:\WINDOWS\System32\ctfmon.exe
  3. Name: WMPNSCFG Type: REG_SZ Data: C:\Program Files\Windows Media Player\WMPNSCFG.exe

Is the first one suspicious? :open_mouth:

No, it’s not pointing to anything, and that’s a default value that is just supposed to sit there.

It’s not an issue.

The other two are safe.

Even though one out of 43 providers on Virustotal.com registers ctfmon.exe as Win32.Banker?

Why do the other 42 register nothing? :S

I’ve set my antivirus to do a full scan every night when I’m asleep, and the same for Malwarebytes Anti-Malware: I’ve set it to update and do a full scan every night.

But in case of doubt, I do this: http://sites.google.com/site/boelectronic/computer/security/virus-removing (except #6 and #8)

Also, I often check my system with Sysinternals Autoruns for any new entries I might not like!

Great to see you back Omid!

I missed your cool posts on the forum! :slight_smile:

Thank you Avastfan1, I read the forum often, I’ve not been too far! :wink: