Uncovering a Virus/Trojan

Getting done with the first part really got my juices flowing. I was shopping looking and thinking about this next article. I came up to only one option turning this into a 3-5 length post due to all the content that I will have.  So where did we leave off?  Oh that is right figuring out if you have a virus/Trojan.  The instant I made a post about this 12 hours later someone make a comment and here is what he said:
[ad#ad2-right]

Rene Van Belzen

I can’t wait to read part two of this article. I always wondered how you’d know you’re infected if a virus don’t want to be detected and no virus definitions are yet available, because the virus is so new.

Now the truth is anytime a Virus does something it usually leaves a footprint somewhere and somehow.   Even the hardest working hacker can’t plan for all possibilities and that is where we begin.   I have been helping people for a while with viruses and know that no matter how hard the virus tries to hide you can usually find it relatively quickly and easily do to virus check here are the ways I’ve done to figure out if they may or may not have a virus/Trojan.

Now if this is a client’s computer and you don’t want to be rude to the client, there are a few indications of user error and installing a virus.   This is relatively simple, all you do is do a quick inventory of all the start menu programs.  You’d want to look for any P2P file sharing program, If they have Firefox Installed, and if they are using Window Mail and not Thunderbird.   You see 80% to 90% of virus downloaded are installed by the End USER.  They either downloading a game and installing a virus with [ad#ad2-left]a game, or not protecting themselves by using Internet Explorer or Using Windows Mail.  That is usually my first step due to the fact, I’ve got to be diplomatic about finding out about security ways.  Also make sure they are up to date on there Window updates, unless they are using a really old system then you will have to work even harder.  Also you can suspect a virus if the client is talking about having problem with a program recently although this isn’t always true it sometimes is the case due to the fact hackers don’t have a big chance to test these viruses/Trojans out before they set them into the wild.  So there are always going to be unplanned problems associated with them.

After the first initial search of desktop, you should really know the likely hood of a possible virus getting on the system and later we will talk about counter measures to prevent virus attacks in the future.   There are a few places a hacker likes to put commands.   Hackers love to put in the Registry to run a program every time Windows starts.  It usually in:

  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\

Usually 50% to 70% of virus like to make sure the program to runs.  This is a flaw in Windows because hackers can edit this without much effort but there isn’t many places a hacker can go to make sure a program is set to run when you boot.   So this is also a benifit to finding those little programs.

Now just like the Regisitry, Hackers also like to put programs in a few areas on the hard drive.   This is also kinda hard to hide because most of the time these are consider important to the system but if you know what to look for you can pretty much figure out if it is truelly a system file.  These areas of the hard drive are:

  • C:\WINDOWS\System32[ad#ad2-right]
  • C:\WINDOWS
  • %programfiles%\common files\microsoft shared
  • %windir%\temp\

These are just a few but if you look hard enough it can be found most of the time.   Most of the time I use the registry to tell me where these programs are so I can do a further check of the program.  Some of this is not needed with some of the programs that I recommend but this is for those who want to be a through job and make sure the virus is gone.

On my next post we will talk about some good tools for the trade to help get rid of a virus/Trojan.  This little step here is used to  better help identify a virus and also give you chance to google each name on the list of registry and the hard drive  to see if you can identify the virus.

The Next big Wave of Layoffs is Sony. (9,000 workers)

In a report from Engadget, there seems to be more Layoffs going on.   One such one is Sony.  Here is what Engadget said:

[ad#ad2-right]

The bad news from the Japanese consumer electronics industry continues. Sony just announced plans to cut about 8,000 global jobs from its beleaguered electronics business while making unspecified reductions to its seasonal and temporary workforce. The move, as Sony explains it, comes “in response to the sudden and rapid changes in the global economic environment.” Ominously, it looks like Sony will also be raising prices in the countries where “Sony makes significant sales” (read: US and Europe) if we’re reading this statement correctly:

[Via Engadget]

[ad#ad2-left]In Today’s economy, you need to be prepared.  So I thought I bring back some old Favorites of mine and talk about them.  To see the other layoffs that I’ve talked about CLICK HERE.   If you wanted to know what you can do to be prepared here are some great resources for people who are worried about there jobs:

If you have any others you would like to suggest please leave a comment and let everyone know.   These are hard economic times and we all could use the help.

Facebook : Beware Spam for breakfast. (Virus)

In today’s society, we’ve been to complacent with people with people clicking links for the social group. In one such article on Channel Web, a nice little blog, says this:

[ad#ad2-right]

The worm was discovered by IT security provider Kaspersky Lab, which said the threat, Net-Worm.Win32.Koobface.b, is targeting Facebook users by creating spam messages and sending them to the infected user’s friends via the site.

“Unfortunately, users are very trusting of messages left by ‘friends’ on social networking sites,” said Alexander Gostev, senior virus analyst at Kaspersky Lab, in a statement. “So, the likelihood of a user clicking on a link like this is very high.”


[Via Channel Web]

This seems to be a problem people thinking that a link someone sends them is a real good link but actually is a link to a video site. According to this article the links people are sending are actually a fake video link, telling you have to download some update to flash player, by downloading this program. The user gets involved with the virus and the fun begins. So how can you prevent this from happening, two ways one is a very good group of software to make sure you have the latest and greatest video codecs. That too can be something they’ll say you need and if you’ve already installed this list of codecs then you know they’ll not telling the truth and you can quickly get away from the site laughing.

[ad#ad2-left]What’s this program name, it is call the K-lite Mega Codec pack. In this Pack you will be able to play almost everything without having to go download another program. This is done by people who want you to have all the latest codecs installed so you don’t have to go by a program you’ll only going to use once a month.

Once you’ve done that, you’ll no longer have to worry for the most part about codecs. There will be times when you might have to visit that site and update them but that will be far less.

The other thing you must remember is if it says you must update your player. That should be a sign that there is something. I’ll always go to the site and check for example Adobe. If it says I need to update my flash I’ll manually type it into my browser. This way you will know you have the latest updates, if you need to update the flash player by all means go to here and update.

If you got the virus I’d check out my Anti-virus and Anti-Spyware page and that should show you will you need to get rid of the Virus. This virus is very easy to get rid of, just download any one of the anti-virus software and install it. Don’t forget to update the virus database while your at it. That should fix the problem pretty fast. Remember the only way to prevent from getting the virus is YOU.