Microsoft unveils three great malware hunting tools


This is where you'll spot suspicious URLs or text strings that might identify the process as malicious.

Last but not least, one of the most important features that helps you identify malware is the file verification view. Go to "View/Verify Image Signatures." When a process shows "Unable to Verify," it's not really an official Microsoft process.

3. Terminating Malicious Services

Identified the process? Fine! Next step: Kill it. Unfortunately, malware often follows the buddy system and immediately launches another instance of the process when you try to close it. So instead of killing the processes outright in Process Explorer, you should first "Suspend" them (right click) to stop their process duplication and then kill them. Quick and dirty.

4. Autostart locations

Forget msconfig, even forget the new Startup Manager in Windows 8. Sysinternals' "Autoruns" helps you identify malware fairly easily. Mark recommends hiding all other vendors than Microsoft and performing a signature check. To do that, go to "Options" and "Filter Options." Check "Verify code signatures" as well as "Hide Microsoft entries."
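
The same two filters can be approximated from a PowerShell prompt when Autoruns is not at hand. This is an added example, not part of the original article or of Sysinternals; it only covers the Run/RunOnce registry keys (Autoruns inspects many more locations), and the helper name `Get-ImagePath` and the Microsoft signer match are assumptions made for the illustration.

```powershell
# Added example: mimics "Verify code signatures" + "Hide Microsoft entries"
# for the Run/RunOnce keys only.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Hypothetical helper: extract the executable path from an autostart command line.
function Get-ImagePath([string]$CommandLine) {
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # Quoted path: take what is between the first pair of quotes.
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces: cut at the first known extension.
    if ($expanded -match '^(.+?\.(exe|dll|com|bat|cmd|vbs|js|ps1))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]
}

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        $image   = Get-ImagePath $command
        $status  = 'FileNotFound'
        $signer  = ''
        if ($image -and (Test-Path -LiteralPath $image -PathType Leaf)) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $image
            $status = [string]$sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }
        # "Hide Microsoft entries": skip only when the signature verifies AND the
        # signer is Microsoft (assumed subject match); a name alone proves nothing.
        if ($status -eq 'Valid' -and $signer -match 'O=Microsoft Corporation') { continue }
        [pscustomobject]@{
            Key = $key; Name = $name; Image = $image; Status = $status; Signer = $signer
        }
    }
}

# What remains is the review list: third-party, unsigned, or missing images.
$results | Sort-Object Status | Format-Table -AutoSize -Wrap
```

Entries whose status is anything other than `Valid`, or whose image file no longer exists, are the ones to examine first.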

And, finally, once you've identified, suspended and turned off the autostart of malicious apps, you'll be able to easily get rid of them.
