

Tutorial | Reclade's | WhiteHat Help | Are you infected? | Look here to keep safe
Reclade's White Hat Help

So, starting off, this is from my experience of not knowing what to do before I knew all this, so I would like to share this with you because I know how it feels. I went through it all, and I want to help everyone stay safe.

Firstly, if I think something's malicious, I check it on:
https://malwr.com
https://virusimmune.com <- has more scanners than virustotal

I always check the behavioural information and see if it contacts any hosts.
Or in malwr.com's case I check the hosts tab; if there are no hosts contacted, I check the file details.

I look for what hooks it runs, e.g. anti-debug hooks, anti-VM, anti-sandbox etc., and note them down.
I also check the strings for obvious keywords such as 'crypt', 'http://', 'https://', 'clipboard' etc.


Now, once that is done.

Firstly, have you noticed anything unusual happening on your PC?
E.g. web browsers opening, Notepads opening, new folders / empty text files etc.?
If not, that's good!

Go to your start menu and search for "run", or if on Windows 10, press the Windows key+X and go to "Run".
Type %appdata% in the Run window and press Enter and go to AppData\Roaming.

In here you will find most temporary files that are stored by programs.
Go to the search window in the top right and search for ".exe".

If you see anything unusual that runs as an .exe, like 354352dgs.exe, or just anything in particular.

If you find any of this then you have to straight away download these programs I have listed below.

Malwarebytes Anti-Rootkit - https://www.malwarebytes.org/antirootkit/
Deep scans all the way down to CMOS looking for rootkits 0-3.
It will automatically remove any rootkits if you have any; make sure you update the virus database before scanning.

Rkill /64 - http://www.bleepingcomputer.com/download/rkill/ <- run it as admin when downloaded
If there are any active malicious processes or anything injected into memory, it should catch it.

SpyShelter Firewall - https://www.spyshelter.com/spyshelter-firewall/ <- 14-day free trial; after it is installed, on boot you will be prompted
"X file wants to do %action%" with the options "Allow, Deny and Terminate".
If a mysterious file asks to execute or do something, just click "Deny".

"How to" on SpyShelter - https://www.spyshelter.com/help/

I also run ESET Smart Security, and finally, I run RogueKiller Premium.

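The two manual checks in the post (search AppData for oddly named .exe files, then look through a sample's strings for keywords like 'crypt', 'http://', 'https://' and 'clipboard') can be scripted so the same triage is repeatable. The script below is an added example written for this thread, not the author's own tool or part of any product the post names. The random-name regex, the keyword list and the sample files built by `demo_scan()` are all assumptions made for illustration; the file names and contents are constructed, not taken from any real malware.

```python
"""Triage helpers for the checklist above: list .exe files under a folder
(e.g. %APPDATA%\\Roaming) and pull printable strings out of a suspect file,
flagging the keywords the post mentions. Added example, not from the post."""
import os
import re
import string
import sys
import tempfile

# Keywords the post suggests looking for among a sample's strings.
SUSPICIOUS_KEYWORDS = ("crypt", "http://", "https://", "clipboard")

# Printable ASCII bytes (tabs/newlines excluded), same idea as the `strings` tool.
_PRINTABLE = set(string.printable.encode()) - set(b"\t\n\r\x0b\x0c")


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Return printable ASCII runs of at least min_len characters from raw bytes."""
    out, run = [], bytearray()
    for b in data:
        if b in _PRINTABLE:
            run.append(b)
            continue
        if len(run) >= min_len:
            out.append(run.decode("ascii"))
        run = bytearray()
    if len(run) >= min_len:
        out.append(run.decode("ascii"))
    return out


def keyword_hits(data: bytes, keywords=SUSPICIOUS_KEYWORDS) -> dict[str, list[str]]:
    """Map each keyword to the extracted strings containing it (case-insensitive)."""
    hits = {k: [] for k in keywords}
    for s in extract_strings(data):
        low = s.lower()
        for k in keywords:
            if k in low:
                hits[k].append(s)
    return {k: v for k, v in hits.items() if v}


# Heuristic (assumption): a name like 354352dgs.exe is a run of 6+ letters/digits
# containing at least one digit and no separators.
_RANDOM_NAME = re.compile(r"^(?=.*\d)[a-z0-9]{6,}\.exe$", re.IGNORECASE)


def looks_random(filename: str) -> bool:
    """True for names that look machine-generated rather than product-like."""
    return bool(_RANDOM_NAME.match(filename))


def find_executables(root: str) -> list[tuple[str, bool]]:
    """Walk root and return (path, looks_random) for every .exe found."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".exe"):
                found.append((os.path.join(dirpath, name), looks_random(name)))
    return sorted(found)


def demo_scan() -> dict:
    """Build a constructed AppData-like tree in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample tree: one ordinary updater, one randomly named file.
        os.makedirs(os.path.join(root, "Discord"))
        os.makedirs(os.path.join(root, "Microsoft", "Windows"))
        with open(os.path.join(root, "Discord", "Update.exe"), "wb") as f:
            f.write(b"MZ" + b"\x00" * 64)
        suspect = os.path.join(root, "Microsoft", "Windows", "354352dgs.exe")
        with open(suspect, "wb") as f:
            f.write(b"MZ\x90\x00" + b"https://example.invalid/gate.php\x00"
                    b"\x01\x02GetClipboardData\x00CryptEncrypt\x00")
        exes = find_executables(root)
        flagged = [p for p, rnd in exes if rnd]
        with open(flagged[0], "rb") as f:
            hits = keyword_hits(f.read())
        return {
            "exe_count": len(exes),
            "flagged": [os.path.basename(p) for p in flagged],
            "keywords": sorted(hits),
        }


if __name__ == "__main__":
    # Usage: python triage.py [folder]; defaults to %APPDATA% on Windows.
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("APPDATA", ".")
    for path, rnd in find_executables(root):
        print(("SUSPECT  " if rnd else "         ") + path)
```

The name heuristic is only a prompt to look closer: plenty of legitimate updaters live in Roaming, so a flagged file should still go through the sandbox and strings checks described above before anything is removed.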