06-19-2010, 02:56 PM
Hello SF,
Welcome to my Tutorial on how to find out if you are infected. These ways are basic. If you are infected, I guarantee you to 80% that you will clean your System using this Tutorial. There are 2 ways: be lazy and reformat your whole PC, or be a Smart Guy and get it working without reformatting. I will show you the Smart Way.
Index of the Tutorial:
Checking the startup
Checking the Registry
Checking the file
Well Let's start with the First step
Checking the StartUp
1. Step - Go to "Start"
2. Step - Select/find "Run"
3. Step - Type "msconfig"
4. Step - A window will come up. Go to the Tab "Startup".
5. Step - Now you have the List of all apps starting with Windows. Almost every RAT/Stealer/Keylogger/bot etc. starts up with the System, so we can find it here. Search for some file like "Stub.exe" or "server.exe". These are the most used names. Uncheck them, click on Save, Close and reboot the PC. You have successfully prevented the malware(s) from starting up with the System.
Checking the Registry
The Registry is a database where most Applications save their Configuration. Of course Malware too. Malware often uses the Registry to start up and save its options.
1. Step - Go to Start>Run>regedit.exe
2. Step - Search in HKCU for the "Software" Folder. There will be a List with the programs. If you are infected, there should be something like Server or Stub or SpyNet, some crap like that. If there is, delete this entry (Right Click>Delete Entry).
Checking the File
If you are not sure if a file is clean or not, don't open it yet without analyzing. First look at the Details of the program. Look at the Assembly. If it's something random like fhjedj792&3 then it's mostly an infected file encrypted with a Crypter. If it's a File you downloaded from YouTube, or from a Site, whose Assembly is e.g. "Hijack This", it is most likely infected too, because Crypters fool Antiviruses with a fake Assembly. You also can scan the file on many online Scanning Services like:
http://www.NoVirusThanks.Org
http://www.virustotal.com (Not recommended)
http://www.jotti.org
And many more...
Also you can use a Great tool named "Sandboxie" (http://www.sanboxie.com).
Enjoy it and good luck cleaning your PC! And note: This is not the advanced method. It is the basic one.
~ViRuzz
Returning to SF / HF. Long story
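The startup and registry checks above, done from the command line instead of msconfig and regedit: an added example, not code from the original post. It assumes an elevated PowerShell session and uses the poster's suspicious names ("stub", "server") as the only name-based heuristic; the missing-target, unsigned-binary and user-writable-directory checks are additional defensive signals, not something the post claims.

```powershell
# Added example (not from the original post): list Run/RunOnce registry entries
# and Startup-folder items, and flag the ones that deserve a closer look.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$suspiciousNames = @('stub', 'server')   # names the post mentions; extend as needed

function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }            # provider metadata, not a value
            [pscustomobject]@{ Source = $key; Name = $p.Name; Command = [string]$p.Value }
        }
    }
    $startup = [Environment]::GetFolderPath('Startup')       # per-user Startup folder
    Get-ChildItem -Path $startup -File -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{ Source = $startup; Name = $_.Name; Command = $_.FullName }
    }
}

function Get-ImagePath([string]$command) {
    # Heuristic: take the quoted path if present, otherwise the first token.
    if ($command -match '^"([^"]+)"') { return $Matches[1] }
    return ($command -split ' ')[0]
}

function Test-AutostartEntries {
    foreach ($entry in Get-AutostartEntries) {
        $exe = Get-ImagePath $entry.Command
        $flags = @()
        foreach ($n in $suspiciousNames) {
            if ($entry.Name -like "*$n*" -or $exe -like "*$n*") { $flags += "name matches '$n'" }
        }
        if (-not (Test-Path -LiteralPath $exe)) {
            $flags += 'target file missing'
        } else {
            $sig = Get-AuthenticodeSignature -FilePath $exe
            if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
            if ($exe -like "$env:TEMP*" -or $exe -like "$env:APPDATA*") { $flags += 'runs from user-writable dir' }
        }
        [pscustomobject]@{
            Source  = $entry.Source; Name = $entry.Name; Image = $exe
            Verdict = if ($flags) { 'REVIEW: ' + ($flags -join '; ') } else { 'ok' }
        }
    }
}

Test-AutostartEntries | Format-Table -AutoSize
```

A "REVIEW" verdict is a prompt to investigate the entry (for example by scanning the image file as the post suggests), not proof of infection; many legitimate updaters are unsigned or live under APPDATA.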