Advice Request The first things to do if you suspect an infection


JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882
Sometimes when you are working on your PC, it can happen that you suddenly think you are infected by malware, maybe because of slowdowns, etc. These are the first things I would do:

1. Install Process Explorer, view all running processes and check whether you see something suspicious (Process Explorer allows you to see VirusTotal ratios for all processes). Another important thing you can do is view the paths of running processes, so you can have a deeper comprehension of them.

2. If you find a suspicious process, search the web for the name of the process or, better, the hash of the executable. If you find that the process you searched for is malicious, then you have to immediately KILL it to prevent further damage; if you cannot kill it, try to SUSPEND the process with Process Explorer.

3. Run a deep scan with your AV.

4. Run a deep scan with Emsisoft Emergency Kit or Zemana AntiMalware Free or Norton Power Eraser.

5. You can also open CMD and type:

ipconfig /displaydns

to analyze suspicious traffic.

Advice: surf with Chrome (sandboxed with Sandboxie Free) to prevent possible infections, and every time you visit sites that have forms to fill in, scan them on VirusTotal before entering any information.

Comments are welcome. :);)
 
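As an added example (not part of the post above, and not code from any of the tools it names), here is a small Python parser for the text that step 5's `ipconfig /displaydns` prints, so the cached DNS entries can be reviewed as structured records rather than scrolled through. The sample output is constructed and its host names are placeholders.

```python
import re
# Constructed sample of `ipconfig /displaydns` output (placeholder names, not a real capture).
SAMPLE = """
    example.com
    ----------------------------------------
    Record Name . . . . . : example.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 300
    A (Host) Record . . . : 93.184.216.34

    update-host.invalid
    ----------------------------------------
    Record Name . . . . . : update-host.invalid
    Record Type . . . . . : 5
    Time To Live  . . . . : 60
    CNAME Record  . . . . : cdn.example.net

    nonexistent.invalid
    ----------------------------------------
    Name does not exist.
"""

RECORD_TYPES = {"1": "A", "5": "CNAME", "12": "PTR", "28": "AAAA"}
# Matches "Key . . . . : value"; keys may contain spaces and parentheses.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 ()]*?)[ .]*:\s*(.*?)\s*$")

def parse_displaydns(text):
    """Return one dict per cache entry: queried name, record type, TTL and data."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        # A cache entry is a name followed by a line of dashes; skip anything else.
        if len(lines) < 2 or not set(lines[1]) <= {"-"}:
            continue
        entry = {"query": lines[0], "negative": False}
        for line in lines[2:]:
            if line.startswith("Name does not exist"):
                entry["negative"] = True  # negatively cached lookup (NXDOMAIN)
                continue
            if not (m := FIELD_RE.match(line)):
                continue
            key, value = m.groups()
            if key == "Record Type":
                entry["type"] = RECORD_TYPES.get(value, value)
            elif key == "Time To Live":
                entry["ttl"] = int(value)
            elif key.endswith("Record") and key != "Record Name":
                entry["data"] = value  # the A/AAAA/CNAME/PTR payload
        entries.append(entry)
    return entries
```

On a Windows machine the same function can be fed live output via `subprocess.check_output(["ipconfig", "/displaydns"], text=True)`.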

Ink

Administrator
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
You can restore your PC with a backup from AOMEI or Macrium Reflect.
Only if the user has a backup; most people don't. Non-regular backups also mean some programs and updates are missing upon restoration, which can be a minor issue to update again, or a major one if it revolves around a licensed product.

If you're going to use backup software, do it properly, or don't bother. The same applies to off-line data backups.
 

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,463
Regarding the programs and updates that are lost when restoring, I try to back up the system at weekly intervals to avoid the problem as much as possible.
However, if the backup is used for restoration after an infection, there are cases where you do not know how far back you should go when the time of infection is unclear.
 

SumTingWong

Level 28
Verified
Top Poster
Well-known
Apr 2, 2018
1,706
That's why you rename the backup to something like VirusFree day/month or put a note.
 

illumination

Thank you for posting this; many new/average users could find this handy. Process Explorer is a great tool for identifying a running malicious process. Autoruns by Sysinternals combined with Process Explorer will help as well: if you see a new entry in startup using Autoruns with VirusTotal results enabled (and this is important, you have to enable those results in both products to utilize them), you should do the same and scan the system quickly.

The problem today is that, unlike years before, malware is not designed to be loud and obnoxious; it is designed to remain hidden from the user. Chances are very high that if you are ever infected, you may not know it until it is way too late.

Your post here with these tools can help users detect even the quietest of malware, if the user utilizes them often to check the system, along with occasional on-demand scans.

As for images, as one user stated, "how would I know how far back to find a clean snapshot?" Then there is the stability issue of images I have brought up in other threads. Personally, I keep an always-updated copy of the MS Media Creation Tool on hand, for repairs or wipes if need be. If a system was infected to the point that I would consider a previous image, I would rather wipe the drive and reinstall the OS to know for sure that the infection has been eradicated.
 

DDE_Server

Level 22
Verified
Top Poster
Well-known
Sep 5, 2017
1,168
There is also Process Hacker, another sophisticated tool to inspect each process; it also has a clean GUI which can show CPU and memory usage.
 

JM Safe

Level 39
Thread author
Verified
Top Poster
Apr 12, 2015
2,882
Thank you @illumination, we have to remember that user suspicion and user intelligence are more powerful than all security products.
 
