Identifying a threat (virus etc)

mobusta1

A quick question. I know that even after running a virus scan there is still the possibility of having a virus/threat on your computer. When I get suspicious I usually open up Process Explorer to see what is running. I was just wondering what the best way would be to identify a threat, because a lot of times hackers hide their programs with common Windows executables like svchost etc. Is there a way to find out if the 20 svchosts or any other file that I have running is legit or not?
 
You can always run an online scanner if you want a second opinion. I also keep Malwarebytes on my system to run as a manual scanner, maybe once a month or so.
 
If you are trained, you can read logs from programs like HJT (finds some stuff but is old and outdated), RSIT or OTL. These will give you loads of information about your system and you can parse the logs and look for anything suspicious loading itself, ranging from BHOs, service hijacks, etc.

Training is free on a lot of sites, but it is time-consuming. I am in training right now and enjoy it, but it is hard and takes a lot of work. The good thing is, when done, I should be able to remove essentially anything from any computer (excluding Virut and Sality, as these are polymorphic mass infectors (old-school viruses, basically) that corrupt some of the files they infect so they CAN'T be removed).
 