One of my favorite tools for hunting malware is Autoruns from Sysinternals. When malware infects a computer it usually registers itself in one of Windows' autostart locations (the Run keys in the registry, services, scheduled tasks, the Startup folder and so on) so that it is launched again every time the system boots or a user logs on. Autoruns enumerates all of these locations, shows you every entry, and lets you disable or delete the ones you don't want.

From the image you can see that there are lots of entries to look through. Here is how to find the suspicious ones. First narrow down the list: open the Options menu and check Verify Code Signatures and Hide Signed Microsoft Entries. Turn on signature verification first; without it the Microsoft filter trusts whatever publisher name a file claims for itself, so malware that labels itself "Microsoft Corporation" would be hidden along with the genuine entries.
Now scan the remaining list for entries that are missing a description or publisher, or whose publisher shows "(Not verified)". An unsigned entry is not automatically malicious (plenty of legitimate software ships unsigned), so also look at the image path: a program starting from a Temp or AppData folder, or an entry whose file is shown as "File not found", deserves a closer look. If you are not 100% sure what something is, Google the entry name and file name; the search results will usually tell you whether it is a known malicious program. Newer Autoruns versions can also submit the file hashes to VirusTotal (Options > Scan Options > Check VirusTotal.com). Once you have identified a malicious entry, uncheck it to disable it, or delete it outright; disabling first is safer because it can be reversed if the entry turns out to be legitimate.
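The same filtering can be done in bulk against the output of autorunsc, the command-line version of Autoruns, which is handy when triaging more than one machine. The script below is an added example, not code from the original post or from Sysinternals. It assumes a CSV produced with `autorunsc.exe -accepteula -a * -c -s -vt` (CSV output, signature verification, VirusTotal lookups) and uses the column names I remember from that output; the sample data is constructed to look like such a capture and is not real. The "user-writable location" and "File not found" heuristics go beyond the post's missing-description-or-publisher rule and are my own additions.

```python
"""Triage autorunsc CSV output: hide verified-Microsoft entries, flag the rest.

Added example (not Sysinternals code). Column names ("Entry", "Description",
"Signer", "Image Path", "VT detection") are assumed to match `autorunsc -c -s -vt`.
"""
import csv
import io
import re

# Constructed sample in the layout of autorunsc CSV output; only the columns
# this script reads are included. None of these rows is a real capture.
SAMPLE_CSV = """\
Entry Location,Entry,Enabled,Description,Signer,Image Path,VT detection
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run,SecurityHealth,enabled,Windows Security notification icon,(Verified) Microsoft Windows,c:\\windows\\system32\\securityhealthsystray.exe,0/72
HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run,OneDrive,enabled,Microsoft OneDrive,(Verified) Microsoft Corporation,c:\\users\\alice\\appdata\\local\\microsoft\\onedrive\\onedrive.exe,0/72
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run,Adobe Updater,enabled,Adobe Updater,(Verified) Adobe Inc.,c:\\program files\\common files\\adobe\\armsvc.exe,0/72
HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run,svchost,enabled,,,c:\\users\\alice\\appdata\\local\\temp\\svchost.exe,41/72
HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run,update,enabled,,(Not verified) Contoso Ltd,File not found: c:\\programdata\\update.exe,
"""

# A signer is only trusted as Microsoft when Autoruns actually verified the
# signature; an unverified "Microsoft" string is just a claim in the binary.
MICROSOFT_VERIFIED = re.compile(r"^\(Verified\) Microsoft", re.IGNORECASE)

# Directories an ordinary user can write to; legitimate autostarts rarely live
# here, malware droppers frequently do (heuristic added in this example).
USER_WRITABLE = re.compile(r"\\(temp|programdata|users\\public|downloads)\\", re.IGNORECASE)


def load_autoruns_csv(text):
    """Parse autorunsc CSV text into a list of row dicts keyed by header."""
    return list(csv.DictReader(io.StringIO(text)))


def is_verified_microsoft(row):
    """True when the Signer column shows a verified Microsoft signature."""
    return bool(MICROSOFT_VERIFIED.match(row.get("Signer", "")))


def vt_hits(value):
    """Turn a 'hits/engines' VirusTotal string into the number of hits (0 if blank)."""
    match = re.match(r"(\d+)/(\d+)", value or "")
    return int(match.group(1)) if match else 0


def triage(rows, hide_microsoft=True):
    """Return (entry, image path, reasons) for every row worth a second look.

    Mirrors the GUI workflow: drop verified Microsoft entries, then flag rows
    with no description or publisher, unverified signatures, a missing image,
    a user-writable image path, or any VirusTotal detections.
    """
    findings = []
    for row in rows:
        if hide_microsoft and is_verified_microsoft(row):
            continue
        reasons = []
        signer = row.get("Signer", "").strip()
        if not row.get("Description", "").strip():
            reasons.append("no description")
        if not signer:
            reasons.append("unsigned")
        elif not signer.startswith("(Verified)"):
            reasons.append("signature not verified")
        path = row.get("Image Path", "")
        if path.lower().startswith("file not found"):
            reasons.append("image missing on disk")
        elif USER_WRITABLE.search(path):
            reasons.append("runs from user-writable location")
        if vt_hits(row.get("VT detection")) > 0:
            reasons.append(f"VirusTotal {row['VT detection']}")
        if reasons:
            findings.append((row["Entry"], path, reasons))
    return findings


if __name__ == "__main__":
    for entry, path, reasons in triage(load_autoruns_csv(SAMPLE_CSV)):
        print(f"{entry:<16} {path}\n    {'; '.join(reasons)}")
```

To run it against a real capture, read the file autorunsc wrote and pass the text to `load_autoruns_csv`; in my experience autorunsc writes UTF-16 text, so `open(path, encoding="utf-16")` is the usual choice, but check the file if rows come back empty. Signed, described, non-Microsoft entries such as the Adobe row still appear in the Autoruns list but produce no finding here, matching the post's rule that only missing or unverified publisher information is the trigger.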

