Something I'm running into when I'm called to look at another computer that I suspect has a virus/malware: I'm noticing that the process I always learned ends up falling apart.
I've usually learned that you want to isolate the machine (i.e. clean boot it off a write-protected disk, remove the network/modem cable) before you scan it. Usually the solution requires introducing one or more malware/virus scanners because the computer's user is derelict in either having one or updating one.
So the problem I have is two-fold. First, most of the virus/malware scanners I run into want you to install them onto a drive and safe-mode won't work for them. This means introducing your virus/malware scanner to the possibility of being infected or not working because of the malware/virus. Needless to say, I've found it a trick to get a working live system compatible with these malware scanners on a write-only medium...
Lastly, the scanners refuse to run without a connection to the Internet to update themselves. Now given that the malware might be reloading copies of itself from the net (I had that happen once) or that the malware broke the drivers related to connecting to the Internet (I've had that happen too), how would you accomplish this? I notice most won't allow separate updates and require connection to an update server through the software itself to update.
So what is the process these days? I notice what works on what I have encountered is the use of Process Explorer (which is stand-alone) to guess at the process and kill it, and then use HijackThis (again stand-alone) to guess where the process loads and remove it. Then reboot. Then, if I'm not lucky enough to have Internet access on the computer afterward (and have removed the malware from memory), try to figure out things again from there. Of course, this is all assuming I have Internet access from another machine to make an educated guess...
But what works all the way through? How do you get a typical malware scanner to be fully updated and working in such a situation? What is the best way to fix the Internet drivers on a Windows system if they are messed up?
I'm waiting for the white paper entitled "Finding Employment in the Era of Occupational Irrelevancy