License to Kill: Malware Hunting with the Sysinternals Tools

Discussion in 'other anti-malware software' started by ronjor, Jun 8, 2013.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,721
    Location:
    Texas
    Mark Russinovich


    http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/ATC-B308#fbid=NHGw4tp4r16
     
  2. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Thanks ronjor. Seems like a great video.
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,721
    Location:
    Texas
    It's worth the watch. :)
     
  4. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Thank you.

    I have been looking for information like this for a long time.
     
  5. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Yeah I just went through the first 10 min. Never really gave it a thought to use Sysinternals before. Normally I use CCE or Emsisoft Emergency kit with hijackfree. Either or gets the job done.
     
  6. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    Thanks for the link. LOL @ "I'll clean that off for you if you let us see your browser history".
     
  7. kjdemuth

    kjdemuth Registered Member

    Joined:
    Jul 29, 2005
    Posts:
    2,960
    Location:
    Boston, MA
    Yeah that was one of the funny lines. :)
     
  8. genieautravail

    genieautravail Registered Member

    Joined:
    May 6, 2012
    Posts:
    92
    Very interesting! Thank you for the video ronjor :D
     
  9. c2d

    c2d Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    570
    Location:
    Bosnia
    Good video...thanks ronjor.
     
  10. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?
  11. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Boy, that guy ages well! He's been around for a while.

    First 30 secs. of the video says it all. "Less than 40% of (new?)malware found by existing AVs ..........."
     
  12. Hermescomputers

    Hermescomputers Registered Member

    Joined:
    Jan 9, 2006
    Posts:
    1,069
    Location:
    Toronto, Ontario, Canada, eh?

    That's why I developed A.P.A.I.S. as a manual process analysis and identification system. It seems to me that what I do is a dying art. I mean who wants to manually analyze every part of the system just to clean it up these days?

    It looks like everyone is so busy delegating to automated anti malware systems that they all miss all the malware actually on their own system...
    Also the more we use or perhaps more accurately the more we become dependent on automation the more ignorant of how things work we become, further isolating us from being able to actually defending ourselves...

    All it really takes is patience and a dedicated process by process visual inspection coupled with a serious attempt at identification...

    Establish inception, actual location, then trace it's auto-startup invocation keys or link, and do some research to establish what is actually known from a broad spectrum perspective about the darn files, and voila!

    I guess if most users actually made the effort to look they would find a lot of stuff they never even imagined was running there!

    Guy
     
    Last edited: Jun 10, 2013
  13. siketa

    siketa Registered Member

    Joined:
    Oct 25, 2012
    Posts:
    2,695
    Location:
    Zagreb, Croatia
    Prevention-detection-cure.
    ;)
     
Loading...
Thread Status:
Not open for further replies.