10 Ways To Detect Computer Malware

This document discusses 10 ways to detect computer malware, including using process explorer and hijackthis to create a baseline of normal system processes, using vulnerability scanners like MBSA and Secunia to identify vulnerabilities, using antivirus software, and using malware removal tools like the Microsoft Malicious Software Removal Tool, SUPERAntiSpyware, Malwarebytes Anti-Malware, and GMER which is effective at detecting rootkits. The key is taking a layered approach including keeping systems updated, regular scanning, and comparing to a baseline to identify any malware that may have infiltrated the system.

Copyright: © Attribution Non-Commercial (BY-NC)

10 ways to detect computer malware

By Michael P. Kassner

Cybercriminals are putting forth every effort to make malware difficult to detect. Successfully, I might add. Ever optimistic, I thought I would have a go at providing information on how to make their job more difficult.
What is computer malware?

With all the different terms, definitions, and terminology, trying to figure out what’s what
when it comes to computer malware can be difficult. To start things off, let’s define some key
terms that will be used throughout the presentation:

• Malware: malicious software specifically developed to infiltrate or damage computer systems without the owner's knowledge or permission.

• Malcode: the malicious programming code itself, whether written as a standalone program or introduced into an otherwise legitimate application during development; it is commonly referred to as the malware's payload.

• Anti-malware: any program that combats malware, whether through real-time protection or through detection and removal of malware already present. Anti-virus and anti-spyware applications and malware scanners are all examples of anti-malware.

Keeping the above definitions in mind, let’s look at 10 ways to detect computer malware.
Base-lining is an important reference

• Knowing exactly what is running on a computer is paramount to learning what shouldn't be.

• Creating a reference base-line is the best way I've found to accomplish this.

• Let's look at three applications that do just that.


1: Microsoft’s Process Explorer

• Process Explorer is an excellent way to determine what processes are running on a computer.

• Process Explorer also shows each process's image path, description and publisher, which helps in judging whether a process belongs.

• More importantly, Process Explorer can be used to create a base-line of the processes running when the computer is operating correctly. Save that listing somewhere off the machine, so that malware cannot quietly edit it later.

• If for some reason the computer starts behaving poorly, run Process Explorer again and compare the new listing against the base-line.

• Any differences (a process name you have never seen, a familiar name running from an unfamiliar path, a security product that is no longer running) are good places to start looking for malware.


2: Trend Micro’s HiJackThis
• HiJackThis is Process Explorer on steroids: beyond running processes it logs startup entries, browser helper objects, hosts-file changes and other common hijack points, which makes the output somewhat daunting to those of us not completely familiar with operating systems.

• Still, running HiJackThis before having malware problems creates a great reference base-line, making it easy to spot changes.

• If it's too late to run a base-line scan, do not fear. There are several Web sites with on-line applications that will automatically analyze the log file from HiJackThis, pointing out possible problems. Two that I use are HiJackThis.de Security and NetworkTechs.com.

• If you would rather have trained experts help, I would recommend WindowSecurity.com's HiJackThis forum.
3: Kaspersky’s GetSystemInfo

• Kaspersky has an application similar to HiJackThis called GetSystemInfo.

• I like the fact that Kaspersky has an online parser. Just upload the log file and the parser will point out any disparities.

• GetSystemInfo, like the other scanners, is a good way to keep track of what's on the computer and, if need be, to help find any malware that happens to sneak in.
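Here is what the "compare the scans" step looks like once two listings are in hand. This is an added example, not code from the slides or from any of the three tools above; it assumes each snapshot has been exported as a CSV with the columns name, pid, path and sha256 (the column names are this example's own choice), and both snapshots are constructed sample data. It goes slightly beyond the slides by also catching look-alike names such as svch0st.exe, which a plain "is this name in the base-line" check would report as merely new.

```python
"""Diff a saved process base-line against a fresh snapshot.

Added example, not from the original slides. Each snapshot is assumed to be
a CSV with the columns name,pid,path,sha256 (column names are this example's
own choice); both snapshots below are constructed sample data.
"""
import csv
import io
from collections import defaultdict

# Constructed base-line, captured while the machine was known-good.
BASELINE_CSV = """name,pid,path,sha256
System,4,,
smss.exe,368,C:\\Windows\\System32\\smss.exe,aa11
csrss.exe,452,C:\\Windows\\System32\\csrss.exe,bb22
svchost.exe,820,C:\\Windows\\System32\\svchost.exe,cc33
svchost.exe,904,C:\\Windows\\System32\\svchost.exe,cc33
explorer.exe,1540,C:\\Windows\\explorer.exe,dd44
MsMpEng.exe,1608,C:\\Program Files\\Windows Defender\\MsMpEng.exe,ee55
"""

# Constructed later snapshot from the same machine after it started behaving
# poorly: a svchost.exe running from %TEMP%, a look-alike svch0st.exe, a new
# notepad.exe, and the Defender engine no longer running.
CURRENT_CSV = """name,pid,path,sha256
System,4,,
smss.exe,368,C:\\Windows\\System32\\smss.exe,aa11
csrss.exe,452,C:\\Windows\\System32\\csrss.exe,bb22
svchost.exe,820,C:\\Windows\\System32\\svchost.exe,cc33
svchost.exe,2212,C:\\Users\\bob\\AppData\\Local\\Temp\\svchost.exe,ff66
svch0st.exe,2300,C:\\Users\\bob\\AppData\\Roaming\\svch0st.exe,0011
explorer.exe,1540,C:\\Windows\\explorer.exe,dd44
notepad.exe,3020,C:\\Windows\\System32\\notepad.exe,1122
"""

# Digits attackers swap into look-alike names (svch0st.exe, rund1l32.exe).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def load_snapshot(text):
    """Parse a snapshot CSV; names and paths are lower-cased for comparison."""
    return [{"name": r["name"].strip().lower(), "pid": int(r["pid"]),
             "path": r["path"].strip().lower(), "sha256": r["sha256"].strip().lower()}
            for r in csv.DictReader(io.StringIO(text))]


def edit_distance(a, b):
    """Levenshtein distance; inputs are short, so the plain O(n*m) table is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(name, known_names):
    """Return the base-line name an unknown name imitates, or None."""
    normalised = name.translate(HOMOGLYPHS)
    for known in known_names:
        if known != name and (normalised == known or edit_distance(normalised, known) <= 1):
            return known
    return None


def compare(baseline, current):
    """Classify each running process against the base-line.

    Returns lists keyed: new (unknown name), lookalike (unknown name that
    imitates a known one), path_mismatch (known name never seen at this
    path), hash_mismatch (known name and path, different image hash), and
    missing (base-line names no longer running, e.g. a killed AV engine).
    """
    known = defaultdict(set)                      # name -> {(path, sha256)}
    for proc in baseline:
        known[proc["name"]].add((proc["path"], proc["sha256"]))
    findings = {k: [] for k in ("new", "lookalike", "path_mismatch", "hash_mismatch")}
    seen = set()
    for proc in current:
        name, path, digest = proc["name"], proc["path"], proc["sha256"]
        seen.add(name)
        if name not in known:
            twin = lookalike(name, known)
            if twin:
                findings["lookalike"].append({**proc, "imitates": twin})
            else:
                findings["new"].append(proc)
        elif (path, digest) in known[name]:
            continue                              # exactly what the base-line saw
        elif path in {p for p, _ in known[name]}:
            findings["hash_mismatch"].append(proc)
        else:
            findings["path_mismatch"].append(proc)
    findings["missing"] = sorted(set(known) - seen)
    return findings


if __name__ == "__main__":
    result = compare(load_snapshot(BASELINE_CSV), load_snapshot(CURRENT_CSV))
    for kind in ("lookalike", "path_mismatch", "hash_mismatch", "new"):
        for proc in result[kind]:
            print(f"[{kind}] {proc['name']} pid={proc['pid']} {proc['path']}")
    for name in result["missing"]:
        print(f"[missing] {name}")
```

Keying on image path and hash rather than on process name is what turns the base-line into something useful: svchost.exe in System32 is expected, svchost.exe in a user's Temp folder is not, and the name alone cannot tell them apart. The "missing" list matters as much as the additions, since killing the anti-virus engine is a common first move for malware.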
Requires caution on our part

• As I alluded to earlier, removing entries that the scanners flag is not for the faint of heart.

• It requires in-depth knowledge of operating systems, or being able to compare before and after scans.

• Next, I'd like to discuss two vulnerability scanners.


It’s simple, no vulnerabilities no malware

• Remember the definition of anti-malware? Combat malware by providing real-time protection or malware removal.

• Vulnerability scanners work on the prevention side of that definition. They proactively detect missing patches and insecure settings so that malware cannot use them to gain a foothold.

• I'd rather update applications than chase malware any day.


4: Microsoft Baseline Security Analyzer

• Microsoft Baseline Security Analyzer (MBSA) is a vulnerability scanner that detects insecure configuration settings and checks Windows and the other installed Microsoft products it knows about for missing security updates.

• I recommend using MBSA when upper management needs convincing. Making a case for needing a vulnerability scanner is sometimes easier if the product comes from Microsoft itself.
5: Secunia inspection scanners

• Secunia's scanners are similar to MBSA when it comes to Microsoft products.

• Unlike MBSA, Secunia products also scan hundreds of third-party applications, which gives Secunia a distinct advantage: an unpatched third-party application is just as useful a foothold as an unpatched Windows component.

• All the Secunia scanners, on-line and client-side, have a very intuitive way of showing what is wrong and how to rectify it, usually offering a link to the application's Web page where the update can be downloaded.
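The decision a software inspector makes for each installed product is "is the installed version below the version the vendor fixed it in?". The following added example (not Secunia's or Microsoft's code) shows that check over a constructed inventory; product names, version numbers and URLs are hypothetical. The point worth noticing is that versions have to be compared field by field, since a plain string comparison puts 9.10 before 9.9.2 and would report a patched machine as vulnerable, or the reverse.

```python
"""Flag installed applications that sit below a vendor's fixed version.

Added example, not Secunia's or Microsoft's code. The inventory and the
advisory table are constructed: product names, versions and URLs are
hypothetical stand-ins for what a real inspector pulls from the registry
and from vendor advisories.
"""
import re

# Constructed inventory (what Add/Remove Programs or the Uninstall registry
# keys would give you), keyed by product name.
INSTALLED = {
    "ExampleReader": "9.9.2",
    "ExamplePlayer": "10.0.12",
    "ExampleArchiver": "3.90",
    "ExampleBrowser": "71.0.3",
}

# Constructed advisory table: lowest version without the issue, and where
# to send the user for the update (hypothetical URLs).
ADVISORIES = [
    {"product": "ExampleReader", "fixed": "9.10", "url": "https://vendor.example/reader"},
    {"product": "ExamplePlayer", "fixed": "10.0.12", "url": "https://vendor.example/player"},
    {"product": "ExampleArchiver", "fixed": "3.90", "url": "https://vendor.example/archiver"},
    {"product": "ExampleBrowser", "fixed": "71.0.3.1", "url": "https://vendor.example/browser"},
    {"product": "ExampleOffice", "fixed": "12.1", "url": "https://vendor.example/office"},
]


def parse_version(text):
    """Turn '9.10' into (9, 10), which sorts after (9, 9, 2) as it should.

    Comparing the strings instead puts '9.10' before '9.9.2', a classic
    scanner bug. Only the leading numeric part of each field is kept
    ('90b' -> 90) and trailing zeros are dropped so that 9.1.0 equals 9.1.
    """
    fields = []
    for part in text.split("."):
        match = re.match(r"\d+", part)
        if not match:
            break
        fields.append(int(match.group()))
    while fields and fields[-1] == 0:
        fields.pop()
    return tuple(fields)


def is_vulnerable(installed, fixed):
    """True when the installed version predates the fixed one."""
    return parse_version(installed) < parse_version(fixed)


def scan(installed, advisories):
    """One finding per installed product that is below its fixed version."""
    findings = []
    for adv in advisories:
        version = installed.get(adv["product"])
        if version is None:
            continue                  # not installed: nothing to patch
        if is_vulnerable(version, adv["fixed"]):
            findings.append({"product": adv["product"], "installed": version,
                             "fixed": adv["fixed"], "action": "update at " + adv["url"]})
    return findings


if __name__ == "__main__":
    for finding in scan(INSTALLED, ADVISORIES):
        print(f"{finding['product']} {finding['installed']} < {finding['fixed']}: {finding['action']}")
```

A real inspector also has to recognise the product in the first place (publisher and product name vary between installers) and has to know about the vendor's versioning scheme; the comparison above is the part that is easy to get subtly wrong.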
Not always so simple

• Remember when I mentioned "It's simple, no vulnerabilities no malware"? Well, it's not exactly that easy.

• It would be, except for those nasty things called zero-day exploits and zero-day malware: an exploit for a vulnerability that has no patch yet, or malware that no scanner has a signature for yet.

• That's where anti-virus applications come into play, especially if they use heuristics.
6: Anti-virus programs

• Lately, anti-virus software is getting little respect. Like everyone, I get frustrated when my anti-virus program misses malcode that other scanners manage to find.

• Still, I would not run a computer without anti-virus. It's too risky. I subscribe to the layered approach when it comes to security.

• Choosing the correct anti-virus application is personal. Comments come fast and furious when someone asks TechRepublic members which one is the best.

• A majority feel that any of the free versions are fine for non-business use. I use Avast or Comodo on Windows machines.
Anti-malware enforcers
• The next class of anti-malware is capable of both detecting and removing malware.

• I'm sure you are wondering why not just use these from the start. I wish it was that simple.

• In explanation, scanners use signature files and heuristics to detect malware. Malware developers know all about both and can morph their code (repacking or encrypting it so the bytes change while the behavior does not), which defeats signature files and confuses heuristics. That's why malware scanners aren't the cure-all answer. Maybe someday.
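To make the signature-versus-heuristic trade-off concrete, here is a toy scanner with both modes, added as an example rather than taken from any product on the page. The "executables" are constructed byte strings, the signature database is made up for them, and the "packer" is a seeded XOR keystream; nothing here is a real sample or a real signature. Re-padding the file defeats the hash signature but not the byte-pattern one; packing defeats both, and only the entropy heuristic still fires.

```python
"""Why signatures alone are brittle: a toy scanner with both detection modes.

Added example, not code from any of the products named on the page. The
"executables" are constructed byte strings, the signature database is made
up for them, and the "packer" is a seeded XOR keystream.
"""
import hashlib
import math
import random
from collections import Counter

DOS_STUB = b"MZ" + b"\x00" * 62 + b"This program cannot be run in DOS mode.\r\n$\x00"

# Constructed "known bad" sample: a stub, the strings a downloader would
# import, then padding.
ORIGINAL = DOS_STUB + b"URLDownloadToFileA\x00WinExec\x00" + b"\x00" * 900

# Variant 1: rebuilt with different padding. The file hash changes, the
# import strings do not.
REBUILT = ORIGINAL[:-900] + b"\x90" * 16 + b"\x00" * 884


def pack(body, seed=1234):
    """Stand-in packer: XOR the body with a seeded keystream (deterministic)."""
    rng = random.Random(seed)
    key = bytes(rng.getrandbits(8) for _ in range(len(body)))
    return bytes(b ^ k for b, k in zip(body, key))


# Variant 2: the same body packed; the stub stays in clear so the file still
# looks like an executable.
PACKED = DOS_STUB + pack(ORIGINAL[len(DOS_STUB):])

# A benign file for comparison: same stub, ordinary imports, low entropy.
BENIGN = DOS_STUB + b"kernel32.dll\x00ExitProcess\x00MessageBoxA\x00" + b"\x00" * 900

SIGNATURE_DB = {
    "hashes": {hashlib.sha256(ORIGINAL).hexdigest(): "Downloader.Example"},
    "patterns": {b"URLDownloadToFileA\x00WinExec": "Downloader.Example.gen"},
}
SUSPICIOUS_IMPORTS = (b"URLDownloadToFileA", b"WinExec", b"CreateRemoteThread", b"VirtualAllocEx")
ENTROPY_THRESHOLD = 7.0     # bits per byte; plain code and data sit well below this


def entropy(data):
    """Shannon entropy in bits per byte; 8.0 is indistinguishable from random."""
    counts = Counter(data)
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def signature_scan(data, db=SIGNATURE_DB):
    """Exact-hash and byte-pattern matching, the way a classic signature engine works."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in db["hashes"]:
        hits.append(("hash", db["hashes"][digest]))
    for pattern, name in db["patterns"].items():
        if pattern in data:
            hits.append(("pattern", name))
    return hits


def heuristic_scan(data):
    """Hints that survive re-padding (imports) or packing (entropy of the body)."""
    reasons = []
    found = [imp.decode() for imp in SUSPICIOUS_IMPORTS if imp in data]
    if found:
        reasons.append("suspicious-imports:" + ",".join(found))
    if entropy(data[len(DOS_STUB):]) > ENTROPY_THRESHOLD:
        reasons.append("high-entropy-body")
    return reasons


def verdict(data):
    """Signatures decide 'malicious'; heuristics alone only reach 'suspicious'."""
    sig = signature_scan(data)
    if sig:
        return "malicious", sig
    heur = heuristic_scan(data)
    if heur:
        return "suspicious", heur
    return "clean", []


if __name__ == "__main__":
    for label, sample in (("original", ORIGINAL), ("rebuilt", REBUILT),
                          ("packed", PACKED), ("benign", BENIGN)):
        print(label, verdict(sample))
```

The packed variant is exactly the situation the slide describes: the signatures the vendor wrote for the original are useless, and the scanner is left with a weaker "this looks packed" judgement that legitimate software protectors also trigger. That is where the false positives, and the "it missed it again" frustration, come from.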
More caution

• I wanted to make sure and mention that you need to be careful when picking malware scanners.

• The bad guys like to disguise malware (Antivirus 2009, for example) as a malware scanner, claiming it will solve all of your problems.

• All four of the ones that I have chosen are recommended by experts.
7: Microsoft’s Malicious Software Removal Tool

Malicious Software Removal Tool (MSRT) is a good first-pass removal tool. It is not a general-purpose scanner: each release targets a specific list of prevalent malware families, which is why it is quick and why it belongs alongside the scanners that follow rather than in place of them. Three things I like about MSRT are:

• The scan and removal process is automated.

• A new version ships with each monthly Windows Update, so the tool and its detection list stay current without any action on your part.

• It also has the advantage of coming from Microsoft itself, thus less intrusive and more likely to be accepted by management.
8: SUPERAntiSpyware

• SUPERAntiSpyware is another general-purpose scanner that also does a good job of detecting and removing most malware.

• I have used it on several occasions and found it to be more than adequate.

• Several TechRepublic members have mentioned to me that SUPERAntiSpyware was the only scanner they found capable of completely removing Antivirus 2009 (the rogue anti-virus mentioned earlier).
9: Malwarebytes Anti-Malware
• Malwarebytes Anti-Malware (MBAM) was the most successful of the four scanners I tested. I was first introduced to it by world-renowned malware expert Dr. Jose Nazario of Arbor Networks.

• For a detailed explanation of how MBAM works, please refer to my post Malware scanners: MBAM is best of breed.

• Still, MBAM does not catch everything. As I pointed out in the MBAM article, it misses some of the more sophisticated malware, especially rootkits. When that happens I turn to the next malware scanner.
10: GMER
• I explained in Rootkits: Is removing them even possible why it's hard to find rootkit malware: a rootkit sits below the tools that would report it and filters what they are allowed to see.

• Fortunately, GMER is one of the best when it comes to detecting and removing rootkits, enough so to be recommended by Dr. Nazario. It looks for hidden processes, threads, modules, services, files and registry keys, and for drivers hooking the SSDT, IDT and IRP dispatch tables, by comparing what the system's own APIs report against what it finds by reading the kernel's structures directly.
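The idea GMER relies on can be shown in a few lines. This added example is not GMER's code and does not touch Windows kernel structures; it demonstrates cross-view detection, that is, comparing a high-level process listing with a second, independent enumeration and reporting whatever appears in only one of them. The first pair of views is constructed, with PID 4242 standing in for a hidden process; live_linux_views() builds real views on Linux by diffing readdir on /proc against kill(pid, 0) probing of every PID, the same approach in a form that runs without a Windows box. Note the guard in pid_exists(): on Windows, Python's os.kill does not probe, it terminates, so the live part is POSIX-only by design.

```python
"""Cross-view detection of hidden processes, the idea anti-rootkit tools build on.

Added example, not GMER's code. A rootkit hides a process by filtering the
high-level listing (Task Manager, ps, readdir on /proc) but rarely manages
to hide it from every kernel path at once, so two independent views of the
same thing are taken and the difference is reported. API_VIEW/PROBE_VIEW
are constructed; live_linux_views() builds real views on Linux.
"""
import os

# Constructed views: PID 4242 is the simulated hidden process.
API_VIEW = {1, 412, 987, 1203, 2048}
PROBE_VIEW = {1, 412, 987, 1203, 2048, 4242}


def hidden_processes(api_view, probe_view):
    """PIDs present in the low-level view but absent from the listing."""
    return sorted(set(probe_view) - set(api_view))


def pid_exists(pid):
    """kill(pid, 0) sends no signal on POSIX; it only reports whether the PID exists."""
    if os.name != "posix":
        raise RuntimeError("os.kill(pid, 0) terminates processes on Windows; POSIX only")
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True           # exists, owned by another user
    return True


def is_thread_group_leader(pid):
    """Filter out thread IDs: kill() accepts them, but /proc lists only leaders."""
    try:
        with open(f"/proc/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) == pid
    except OSError:
        pass                  # nothing to read: keep it, the caller decides
    return True


def listed_pids():
    """The view a rootkit usually hooks: directory entries of /proc."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def live_linux_views(max_pid=None):
    """Return (api_view, probe_view) for this machine.

    api_view is readdir on /proc; probe_view is kill(pid, 0) over every PID up
    to pid_max. Something in probe_view but not in api_view is a thread
    (filtered here), a process that exited between the two passes, or hidden.
    """
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_pid = int(fh.read())
    api_view = listed_pids()
    probe_view = {pid for pid in range(1, max_pid + 1)
                  if pid_exists(pid) and is_thread_group_leader(pid)}
    return api_view, probe_view


def confirm(candidates):
    """Re-probe once so a process that merely exited is not reported as hidden."""
    listed = listed_pids()
    return [pid for pid in candidates if pid_exists(pid) and pid not in listed]


def live_self_test():
    """This process must show up in both live views (True where /proc is absent)."""
    if not os.path.isdir("/proc"):
        return True
    me = os.getpid()
    api_view, probe_view = live_linux_views(max_pid=me)
    return me in api_view and me in probe_view


if __name__ == "__main__":
    print("simulated hidden PIDs:", hidden_processes(API_VIEW, PROBE_VIEW))
    if os.path.isdir("/proc"):
        api_view, probe_view = live_linux_views()
        print("live hidden PIDs:", confirm(hidden_processes(api_view, probe_view)))
```

Two things carry over to any cross-view tool, GMER included. First, the second view has to come from somewhere the rootkit did not think to hook, which is why such tools read kernel structures directly instead of asking the same API twice. Second, the views are taken at different moments, so a single discrepancy is a lead to confirm, not proof; short-lived processes produce them all the time.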
Final thoughts

Using the above anti-malware techniques will go a long way in making it tough for malware developers, especially if you:

• Make sure all software on your computer is up-to-date.

• Run a base-line scan and save the log file; you may need it later.

• Sophisticated malware runs quietly, so scan for malware on a regular basis.

For more information, please refer to The 10 faces of computer malware.
