
2011/08/05

E-Virus (Part II): Maybe your PC is infected by an e-virus... how to verify its presence?

Depending on how far the PC is still able to operate, you can proceed in different ways:

A) The PC starts and you can log in with your username and password.
In this case you can use the following tools:

1) Using the free tool GMER you can both see whether a rootkit is present and disable or remove the offending service / process (E-virus) from memory and from the next boot sequence. To recognize the services / processes infected by E-viruses, it can be useful to look for files with very odd names (e.g. rytrewxz.dll). GMER usually marks them in red and / or shows the (*** hidden ***) attribute, which means "file hidden from the user." If the message "WARNING! GMER has found system modification, Which Might Have Been Caused by ROOTKIT activity. Do you want to fully scan your system? " appears, GMER has identified a rootkit in the system and is asking to start a full scan of your PC.


2) If you press CTRL + ALT + DEL and open the Windows Task Manager, you can see all the processes active in the PC's memory and identify those with random names such as the ones mentioned in (1). You can then kill ("terminate") them, which temporarily removes them from memory.

3) Using the free tool McAfee Stinger you can identify and remove the most common E-viruses. The procedure is automatic: the tool detects both active infections (files in memory) and infected tracks and files on the analyzed hard drive. It shows which of the many kinds of "problems" it has identified and provides for their eradication.

4) Using the free tool Prevx you can identify both rootkits and the insidious kind of virus that installs itself in the MBR (Master Boot Record) of the hard disk. The free version detects and lists all the E-viruses present in the system but does not remove them. However, it can be useful for finding out the name of the E-virus that infected your PC or the kind of epidemic in progress.

5) The free OpenDNS service for malware detection is fully automatic. When it detects suspicious activity, the message "Malware / Botnet Activity Detected" appears on the OpenDNS control panel.

6) The free software "Bitdefender 60-Second Virus Scanner" scans your PC in precisely 60 seconds to check for viruses in memory or in "sensitive" areas of the operating system. It uses cloud technology, so you need an internet connection.


B) It is NOT possible to boot the system.
In this case you can use some of the tools described in the following article:
E-Virus (Part III): I have a PC infected! Now as I clean it?


Further reading:
E-Virus (part I) How to recognize the symptoms of a E-FLU or if your PC has got an E-VIRUS?

2011/01/13

E-Virus (part I) How to recognize the symptoms of a E-FLU or if your PC has got an E-VIRUS?

E-FLU (Electronic Fluence) and / or E-VIRUS (Electronic Virus) are umbrella terms for the endless range of software that infects the PC by self-replicating and / or consuming its resources (e.g. malware, trojan horses, backdoors, spyware, rootkits, dialers, worms, viruses, etc.).

HOW TO RECOGNIZE THE SYMPTOMS? 
1) The PC is unexpectedly slow: the execution speed of any application, even the most trivial, suddenly drops quite sharply. At the same time the hard drive is constantly active (the LED is always lit). The response of the mouse or keyboard may be sluggish.
2) Problems with the browser: the browser's home page (Internet Explorer, Firefox, Chrome, Opera, etc.) has changed and points to illegal Web sites, or, when you open the browser, many pop-up windows appear and keep replicating indefinitely.
3) Internet is too slow: surfing the Internet has suddenly slowed down.
4) The PC is inoperable: the computer starts but stops immediately with messages like "missing operating system" or "could not find command.com". The PC frequently restarts randomly and unexpectedly.
5) Modified files: some files, especially those with the extensions ".exe", ".com", ".dll", have been changed and are larger than usual. The free hard drive space has been significantly reduced and / or many new files with unlikely names (such as: yutuewyt.dll, 823746.dll, wuyetur.dll) have appeared.
6) The antivirus is down: the antivirus no longer starts or works as usual, and you cannot re-install it or install a different one. In some cases you cannot even reach the websites of the leading antivirus vendors.
7) New software: software that you never installed appears on your desktop or in the tray bar.

These symptoms, taken individually, do not give you certainty that an e-virus is present on your PC, but they can raise doubts. Of course, if more than one symptom is present, the probability that you are dealing with an e-virus increases.
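Symptom 5 (changed, larger executables and new files with unlikely names) can be checked by comparing a folder against an inventory taken while the PC was clean. The script below is an added example, not part of the original post: it records size and SHA-256 for .exe/.com/.dll files and reports what changed. The rare-letter rule in `unlikely_name` and the sample files notepad.exe, helper.dll and printer.dll are assumptions made for the illustration; the odd names are the ones quoted in the post.

```python
import hashlib, re, tempfile
from pathlib import Path

EXEC_EXT = {".exe", ".com", ".dll"}   # extensions named in symptom 5

def inventory(folder):
    """Map each executable file name to (size, SHA-256) for later comparison."""
    out = {}
    for p in Path(folder).iterdir():
        if p.is_file() and p.suffix.lower() in EXEC_EXT:
            data = p.read_bytes()
            out[p.name.lower()] = (len(data), hashlib.sha256(data).hexdigest())
    return out

def unlikely_name(name):
    """Rough hint only (assumed rule): all-digit stem, or many rare letters."""
    stem = Path(name).stem.lower()
    letters = re.sub(r"[^a-z]", "", stem)
    rare = sum(c in "jkqvwxyz" for c in letters)
    return stem.isdigit() or (len(letters) >= 6 and rare / len(letters) >= 0.25)

def compare(baseline, current):
    """Return sorted (file, finding) pairs for changed or new executables."""
    findings = []
    for name, (size, digest) in current.items():
        if name not in baseline:
            kind = "new, unlikely name" if unlikely_name(name) else "new"
            findings.append((name, kind))
        elif digest != baseline[name][1]:
            grew = size - baseline[name][0]
            findings.append((name, f"modified, size {grew:+d} bytes"))
    return sorted(findings)

def demo():
    """Constructed sample: a clean folder, then the same folder after changes."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "notepad.exe").write_bytes(b"A" * 100)
        (root / "helper.dll").write_bytes(b"B" * 50)
        baseline = inventory(root)                       # taken while clean
        (root / "notepad.exe").write_bytes(b"A" * 100 + b"X" * 40)  # grew
        (root / "yutuewyt.dll").write_bytes(b"C" * 10)   # names from the post
        (root / "823746.dll").write_bytes(b"D" * 10)
        (root / "printer.dll").write_bytes(b"E" * 10)    # new but ordinary
        return compare(baseline, inventory(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

As with the symptoms themselves, a flagged name is a reason to look closer with the scanning tools, not proof of infection; legitimate software updates also change file sizes and hashes.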


More inside: E-Virus (Part II): Maybe your PC is infected by an e-virus... how to verify its presence?


Italian version of this article:
"E-virus (parte I): Come riconoscere i sintomi di un E-INFLUENZA ovvero quando il nostro PC si è preso un E-VIRUS?"