Saturday, June 14, 2008

Identifying the Virus

Identifying the Virus manually
Often the antivirus detects a virus but cannot remove it. This is because the virus is currently running as a process (a running executable's file is locked) or because the file is in use by, or protected by, the operating system itself. So before running the scan you have to take a few precautions:

  1. Download Process Explorer (procexp) from Sysinternals if your Task Manager is disabled.
  2. Download HijackThis from Trend Micro.

Both tools help reveal and kill processes that Task Manager hides, and show which processes and startup entries have recently changed. Watch for entries such as:

  1. monit.exe - runs under explorer.exe; a keylogger, also known for causing problems with Counter-Strike.
  2. scvhost.exe or 713xRMTmon.exe - not to be confused with svchost.exe, a legitimate and important Windows process. A look-alike name is a common disguise, so check the spelling and the image path, not just the name.
  3. wscript.exe - the Windows Script Host, a harmless process by itself, but it can be made to run malicious VBScripts such as mswin32.dll.vbs (the double extension is the giveaway).
  4. amvo.exe or amva.exe
  5. autorun.inf - by itself a harmless text file, but it can make Windows launch a virus when you double-click a drive whose root contains it.

It's best to kill them with Right Click / End Process Tree. It is also good practice to End Process Tree on explorer.exe as well, since some of these run under it, then start the antivirus executable from Task Manager / File / New Task (Run...) and run a full system scan. Explorer can be started again afterwards from Task Manager / File / New Task by typing explorer [Enter].

Several antivirus support forums help people who post their HijackThis log files.

Viruses usually start themselves at boot, so it's a good idea to check the startup list at Start Menu / Run / msconfig / Startup tab, where you may find something suspicious such as scvhost.exe. Uncheck the suspicious entries (only the suspicious ones!), restart your PC, and run a system scan.
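The same triage (list processes with their parent and image path, dump the startup entries msconfig reads, and end a process tree) can be done from an elevated PowerShell prompt. This is an added example, not code from the original post: the $KnownBad list is the post's own examples, while $SystemNames, $SystemDirs and the "system name running from the wrong directory" heuristic are assumptions made for this illustration.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
$KnownBad    = @('monit.exe', 'scvhost.exe', '713xRMTmon.exe', 'amvo.exe', 'amva.exe')
# Assumed lists: legitimate names worth checking and where their images normally live.
$SystemNames = @('svchost.exe', 'csrss.exe', 'lsass.exe', 'explorer.exe', 'winlogon.exe')
$SystemDirs  = @("$env:SystemRoot", "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

# 1. Running processes with parent and image path (what Process Explorer shows you).
$procs = Get-CimInstance Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

$findings = foreach ($p in $procs) {
    $why = @()
    if ($KnownBad -contains $p.Name) { $why += 'name from the known-bad list' }
    # A system-looking name whose image lives outside the Windows directory is a classic disguise.
    if ($SystemNames -contains $p.Name -and $p.ExecutablePath) {
        $dir = Split-Path -Path $p.ExecutablePath -Parent
        if ($SystemDirs -notcontains $dir) { $why += "system name running from $dir" }
    }
    # wscript.exe itself is fine; the script on its command line is what to inspect.
    if ($p.Name -eq 'wscript.exe' -and $p.CommandLine -match '\.vbs') { $why += 'running a VBScript' }
    if ($why.Count -gt 0) {
        [pscustomobject]@{
            PID    = $p.ProcessId
            Name   = $p.Name
            Parent = $byPid[[int]$p.ParentProcessId].Name
            Path   = $p.ExecutablePath
            Why    = ($why -join '; ')
        }
    }
}
$findings | Format-Table -AutoSize

# 2. Startup entries: the Run keys that msconfig's Startup tab reads.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($prop in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath metadata
        "$key : $($prop.Name) = $($prop.Value)"
    }
}

# 3. End Process Tree: kill the children first, then the parent.
function Stop-ProcessTree {
    param([int]$ProcId)
    Get-CimInstance Win32_Process -Filter "ParentProcessId = $ProcId" |
        ForEach-Object { Stop-ProcessTree -ProcId $_.ProcessId }
    Stop-Process -Id $ProcId -Force -ErrorAction SilentlyContinue
}
# Use with the PIDs reported above, e.g. on every scvhost.exe:
#   $findings | Where-Object Name -eq 'scvhost.exe' | ForEach-Object { Stop-ProcessTree $_.PID }
# Ending explorer.exe the same way and restarting it later: Start-Process explorer
```

Unchecking an entry in msconfig only stops it loading; the malware can write the Run key back the next time it runs, which is why the process has to be killed before the scan and the startup list re-checked after the reboot.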

So how do you find out which process is malicious? Google the names. If your data is important to you and you really want to remove the virus without formatting, you have to do this bit. Once you are familiar with the normal system processes you should be able to isolate the culprit just by looking at the list; check the image path as well as the name, since a malicious file can be named after a legitimate process.

You can also go to the command prompt (Start Menu / Run / cmd) and type CD\ so that you are at the C:\ prompt. The file is usually marked hidden, so dir alone will not show it; dir /a or attrib autorun.inf will. Now run type autorun.inf and you should see the contents of the autorun.inf file, which for me was like
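The same check for every drive on the machine, with the lines that actually launch code pulled out, as an added example that is not part of the original post. It assumes only that autorun.inf sits at a drive root, which is the only place Windows honours it; the file is usually hidden and system, hence -Force.

```powershell
# Added example, not from the original post: show every autorun.inf sitting at a
# drive root and list the commands it would run.
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $inf = Join-Path -Path $drive.Root -ChildPath 'autorun.inf'
    if (-not (Test-Path -LiteralPath $inf)) { continue }
    $item = Get-Item -LiteralPath $inf -Force       # -Force: hidden/system files too
    "== $inf  ($($item.Attributes), modified $($item.LastWriteTime))"
    $lines = Get-Content -LiteralPath $inf -Force
    foreach ($line in $lines) { "   $line" }
    # The keys that launch code: open=, shellexecute=, and shell\<verb>\command=.
    foreach ($line in $lines) {
        if ($line -match '^\s*(open|shellexecute|shell\\[^\\=]+\\command)\s*=\s*(.+)$') {
            $cmd = $Matches[2].Trim()
            # First token is the program; a worm drops it next to autorun.inf, so check it is there.
            $exe = ($cmd -split '\s+')[0]
            $present = Test-Path -LiteralPath (Join-Path -Path $drive.Root -ChildPath $exe)
            "   launches: $cmd  (file present at drive root: $present)"
        }
    }
}
```

Whatever the open= or shellexecute= line points at is the dropper to submit to the antivirus vendor and to kill in the process list; deleting autorun.inf alone leaves it in place. Windows 7 and later no longer run autorun.inf from USB drives, but the file still tells you which executable was dropped alongside it.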
