
How to learn using anti-malware diagnostic tools - read books or enroll?


10 replies to this topic

#1 midimusicman79

midimusicman79

  • Members
  • 679 posts
  • Gender:Male
  • Location:Norway
  • Local time:07:22 AM

Posted 07 July 2015 - 09:23 AM

Hi all!

 

I would like to learn to use anti-malware diagnostic tools, primarily by reading one or more books on this subject. Therefore my question is: are there one or more books regarding this subject, i.e. on learning malware diagnosis?

 

Or is the only way to learn to enroll at the Malware Removal Training Program here at BC?

 

Thank you very much in advance!

 

Regards,

midimusicman79


Edited by midimusicman79, 08 July 2015 - 06:14 AM.

MS Win 10 Pro 64-bit, EAM Pro/EEK, MB 3 Free, WPP, SWB Free, CryptoPrevent Free, NVT OSA and Unchecky, WFW, FFQ with uBO, Ghostery, Grammarly Free and HTTPS Ew. Acronis TI 2018, K. Sw. Upd. AM-tools: 9-lab RT BETA, AdwCleaner, Auslogics AM, aswMBR, Avira PCC, BD ART, catchme, Cezurity AV, CCE, CKS, ClamWin P., Crystal Sec., DDS, DWCI, EMCO MD, eScan MWAV, ESS/EOS, FGP, FMTB, FRST, F-SOS, FSS, FreeFixer, GMP, GMER, hP BETA, HJT, Inherit, JRT, K. avz4, KVRT, K. TDSSKiller, LSP-Fix, MB 3 Free, MBAR BETA, MA Stinger, NMC, NoBot, NPE, NSS, NVT MRF (NMRF), OTL, PCC, QD, RCS, RSIT, RKill, Rs, SC, SR, SAP, SVRT, SAS, SL, TMHC, TSA ART, UHM, Vba32 AR, VRS, WR (AiO), Xvirus PG, ZAM, ZHPC, ZHPD and Zoek. I have 23 Years of PC Experience. Bold = effective.



 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,661 posts
  • Gender:Male
  • Local time:01:22 AM

Posted 07 July 2015 - 09:36 AM

Hi midimusicman79 :)

I doubt there's any real "books" on the tools that are being used on the forums, since they are made by members of the community (FRST, OTL, ComboFix, etc.). However, some of them have public tutorials that can be used to learn how to read the logs and create fix-lists.

FRST Tutorial: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
OTL Tutorial: http://www.geekstogo.com/forum/topic/277391-otl-tutorial-how-to-use-oldtimer-listit/

Other tools (like ComboFix) have tutorials which are private and you need to be enrolled in a malware removal school to be able to access them. But for all of these tools, the recommendation is the same: you should go through an approved malware removal training before using them by yourself since one wrong entry in a fix-list can cause a system to be unbootable. So the best way to learn how to read these logs, create fixes from them and learn how to remove malware is to follow a malware removal training, yes.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • Gender:Female
  • Location:The Netherlands
  • Local time:06:22 AM

Posted 07 July 2015 - 01:41 PM

For what it's worth, BC isn't the only place offering malware removal training.

You can enroll at one of the schools listed in the UNITE site.

#4 Aura


Posted 07 July 2015 - 01:42 PM

There's also ASAP schools, though I don't know all of them and if they are still active.

http://asap.maddoktor2.com/



#5 Sintharius


Posted 07 July 2015 - 01:46 PM

From the list of members, I see that sites offering active malware removal training are already listed in the UNITE site, and the other sites are strictly malware-removal only (Emsisoft Support Forum and Malwarebytes Community Forum, for one).

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:22 AM

Posted 07 July 2015 - 06:29 PM

ASAP is essentially a volunteer network of security experts who work at various organizations and websites where they provide security related support. ASAP does not have a malware training program but they do have a help forum. Graduates of UNITE schools can become ASAP members after training is completed.

General Requirements for ASAP Membership
Applicants must own or operate an Internet security focused site or service, or be an active supporter and/or staff member at such a site or service in order to be considered for membership.

Member Requirements for individual ASAP Membership
Any Applicant for individual ASAP membership must be a member of or regular contributor to an ASAP site or support forum for a time sufficient to substantiate the quality of help provided to users is appropriate. Applicants require either:
- Recommendations of three (3) other ASAP members in good standing
- Their classroom instructor(s)
- Site Administrator(s)

Applicants who provide assistance in log analysis/malware removal and have completed training are requested to provide the name and location of the school(s) where they received training and certification. Multiple certifications are not necessary, but will be taken into consideration. Applicants still in training will not be deemed eligible for membership until training and certification has been completed in at least one school.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#7 midimusicman79


Posted 08 July 2015 - 09:15 AM

Hi again, Aura., Alexstrasza & quietman7!
 
Thanks to all of you for the prompt and clarifying replies! :)
 
So all malware removal training schools offer free training for applicants, but with the obligation for all such graduates to help other members on forums with malware removal... :thumbup2:
 
Yeah, if only I could apply, I would... :graduate:, but unfortunately I lack the necessary commitment / obligation..., which, although sounding somewhat selfish, to help anyone else but myself, sorry... :(
 
However, I would encourage everyone else also being interested in this field to apply, and in such case, I wish you all good luck with the education, both existing and future students! :busy:
 
Thank you very much for the help! :) The issue has been successfully resolved! :)
 
Regards,
midimusicman79

Edited by quietman7, 11 July 2015 - 09:01 PM.



#8 Aura


Posted 08 July 2015 - 09:16 AM

No problem midimusicman, you're welcome :)



#9 quietman7


Posted 08 July 2015 - 04:02 PM

If there are no slots available here at BC, you will have to keep checking back at a later time. We are swamped with such requests and there are not enough instructors able to provide teaching so that limits the number of trainees we can accept.

Due to the self-paced structure of training and limited number of instructors here at BC, it is impossible to say with any accuracy when slots will open. New slots are opened up as our existing trainees complete the lower levels of study and move up toward more advanced levels. This is to prevent our volunteer staff being overwhelmed by an influx of new trainees. There is no notification system in place for when slots open so you need to keep checking back if BC Study Hall is the school you prefer to enroll in. The logistics and management of such a notification system and the fact we have a worldwide membership negate the potential effectiveness and fairness one would expect from it.

#10 midimusicman79


Posted 11 July 2015 - 06:25 AM

Hi again, quietman7!

 

Sorry for my late reply; but thanks for the heads-up! :)

 

Unfortunately I made a mistake in post #7; I used the wrong phrase "all such applicants" at the end of the sentence, even though what I actually meant was obviously "all graduates". I am sorry about this. :(

 

Sir, I would be very grateful if you could please correct this...; Thank you very much in advance!

 

So, once again:

 

Thank you very much for the help! :) The issue has been successfully resolved! :)

 

Regards,

midimusicman79


Edited by midimusicman79, 11 July 2015 - 06:28 AM.



#11 quietman7


Posted 11 July 2015 - 09:03 PM

...Sir, I would be very grateful if you could please correct this...; Thank you very much in advance!

It has been corrected and you are quite welcome.



