Malware Forensics

Discussion in 'other anti-malware software' started by TheKid7, May 21, 2013.

Thread Status:
Not open for further replies.
  1. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    If I ever encounter unknown Malware on a PC, what tools are available that would assist me in locating and identifying the Malware Files/Registry Keys?

    Of course, the first thing that I would do is use available tools such as Antivirus Rescue CDs, Malwarebytes Anti-Malware, Hitman Pro, etc.

    I currently do not have a Malware infection problem. I am just thinking about if someone ever asks me to help them with a possibly infected PC.

    Thanks in Advance.
     
  2. KelvinW4

    KelvinW4 Registered Member

    Joined:
    Oct 11, 2011
    Posts:
    1,199
    Location:
    Los Angeles, California
    Tools you can use are MBAR, MBAM, Emsisoft Emergency Kit, Hitman Pro,
    Comodo Cleaning Essentials, CrowdInspect. (well, I use these anyway)
     
  3. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    3,872
    A simple clean image restoration would be more effective than any scans.
    Even if you did a dozen different scans there would still be a shadow of a doubt as to whether the system is clean or not.
     
  4. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Here is a list: -http://ejaz.me/a.html
     
  5. cruelsister

    cruelsister Registered Member

    Joined:
    Nov 6, 2007
    Posts:
    977
    Location:
    Paris
    Stay with Malwarebytes as there really isn't much else helpful that you can do. Most of the other tools that measure system changes due to malware infection assume that you have a system baseline and then run a specific piece of malware, so this doesn't apply to what you want to do. Also, a meaningful answer would involve reverse engineering the malware, which can be problematic. If you are interested, get a taste here:

    http://www.windowsecurity.com/articles-tutorials/viruses_trojans_malware/Binders-Malware-Part1.html


    Regarding forensic programs, those that can measure changes after the fact on an unknown (a client's) computer certainly exist, but any that actually work are all proprietary, so they aren't available.
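The baseline-then-compare approach the post above describes, as an added illustration that is not code from this thread or from any of the tools named in it: a snapshot of every file's size and SHA-256 is taken on a known-good system, a second snapshot later, and the diff yields the added, removed and modified files a responder would triage. The directory contents are constructed in a temporary folder; registry keys would need a separate snapshot of the hives and are not covered here.

```python
"""Minimal file-system baseline/diff, the core of change-measuring forensic tools."""
import hashlib
import os
import tempfile
from pathlib import Path


def snapshot(root: str) -> dict:
    """Map each file under root (forward-slash relative path) to size and SHA-256."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = Path(dirpath) / name
            digest = hashlib.sha256(full.read_bytes()).hexdigest()
            rel = str(full.relative_to(root)).replace(os.sep, "/")
            baseline[rel] = {"size": full.stat().st_size, "sha256": digest}
    return baseline


def diff(before: dict, after: dict) -> dict:
    """Classify changes between two snapshots into added / removed / modified."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after)
                      if before[p]["sha256"] != after[p]["sha256"])
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed walk-through on a temporary directory (no real system data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "svc.exe").write_bytes(b"clean-service-binary")
        (root / "config.ini").write_text("key=value\n")
        before = snapshot(tmp)  # the known-good baseline
        # Simulated later state: one binary replaced, one file dropped, one deleted
        (root / "bin" / "svc.exe").write_bytes(b"patched-service-binary")
        (root / "bin" / "helper.dll").write_bytes(b"new-dropped-file")
        (root / "config.ini").unlink()
        after = snapshot(tmp)
        return diff(before, after)


if __name__ == "__main__":
    print(demo())
```

Without a baseline taken before the suspected infection there is nothing to compare against, which is exactly why the post says these tools do not fit the "unknown PC" case.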
     