Tools to Help You Identify a Malware Program
Malware can damage your computer, especially if you are not aware of its malicious actions. Typically it modifies and infects other files, propagates through the network you are connected to, and causes unusual system behavior such as frequent restarts and slow performance.
Identifying a malware program on your computer is hard, especially if the program you suspect is disguised as a legitimate file.
Worse still, once the suspect file has affected your computer, it is too late to prevent its attack.
There are tools you can use to help identify the malware program and prevent further infections on your computer.
Here are the tools that you can use:
- Process Explorer
- TCP View
- Autoruns
- Install Rite
- UltraEdit
Process Explorer is very useful when you want to check the running processes on your system that are used by the malware. It is like Task Manager, but far more detailed: you can also check the DLLs and other handles hooked into a particular running process.
TCP View is useful when you want to check the ports and processes used by the malware during its malicious activity. Some malware prevents users from running this tool or any network tools, because it does not want to be discovered.
Autoruns has the most comprehensive knowledge of auto-starting locations of any startup monitor. It shows you which programs are configured to run during system startup, including the registry entries that launch them. With this tool, you would probably be surprised at how many executables are launched automatically!
Install Rite captures the malware's activities. It reports the files and registry entries added, deleted and modified by the malware program.
UltraEdit is used to view log files, HTML files and other log-related files. It is very useful when you want to compare two log files: it shows the differences between the two logs, so you can identify the changes made.
You can find other useful system utilities or tools at Windows Sysinternals. The tools mentioned above are some of the basic tools that you can use in order to help you identify a malware program and its malicious actions.
Basically, with these tools you will be able to locate the registry entries modified by the malware program, the other files dropped during its execution, and the ports it uses to propagate.
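Added example (not part of the original post and not one of the Sysinternals tools): a PowerShell script that records what the tools above expose (Run-key auto-start entries, listening ports with their owning process, and file hashes in a watched folder) into a text snapshot, and diffs two snapshots the way a log compare in UltraEdit would. It assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection; the default watched folder and the snapshot file names are assumptions.

```powershell
# Added example (not from the original post or the Sysinternals tools):
# snapshot auto-start registry entries, listening ports and file hashes,
# then diff two snapshots taken before and after running a suspect file.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function New-Snapshot([string]$OutFile, [string]$WatchDir = "$env:SystemRoot\System32") {
    $lines = New-Object System.Collections.Generic.List[string]
    # Auto-start values (what Autoruns lists): one line per value name -> command
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
            if ($p.Name -notin 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider') {
                $lines.Add("REG`t$key\$($p.Name)`t$($p.Value)")
            }
        }
    }
    # Listening ports with the owning process (what TCP View shows)
    foreach ($c in (Get-NetTCPConnection -State Listen)) {
        $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $lines.Add("PORT`t$($c.LocalAddress):$($c.LocalPort)`t$($proc.ProcessName)")
    }
    # SHA-256 of files in the watched folder (assumed default), so dropped or replaced files show up
    foreach ($f in (Get-ChildItem -Path $WatchDir -File -ErrorAction SilentlyContinue)) {
        $h = Get-FileHash -Path $f.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        $lines.Add("FILE`t$($f.FullName)`t$($h.Hash)")
    }
    $lines | Sort-Object | Set-Content -Path $OutFile -Encoding UTF8
}

# Lines present only in the later snapshot were added or modified;
# lines present only in the earlier one were removed or modified.
function Compare-Snapshot([string]$Before, [string]$After) {
    Compare-Object @(Get-Content $Before) @(Get-Content $After) |
        Select-Object @{ n = 'Change'; e = { if ($_.SideIndicator -eq '=>') { 'ADDED/MODIFIED' } else { 'REMOVED/MODIFIED' } } },
                      @{ n = 'Entry';  e = { $_.InputObject } }
}

# Usage (on an isolated test machine): . .\snapshot.ps1; New-Snapshot before.txt;
# run the suspect file; New-Snapshot after.txt; Compare-Snapshot before.txt after.txt | Format-Table -AutoSize
```

A modified registry value or replaced file appears twice in the output, once as REMOVED/MODIFIED with the old value and once as ADDED/MODIFIED with the new one.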


November 11th, 2008 at 1:13 am
Those are some great programs.
I know personally I have used Process Explorer and Autoruns. Especially Autoruns since malware tends to auto-start which makes it difficult to remove.
I haven't tried InstallRite or TCP View. Going to give those a shot and see how they work.