
How do you find bad files?


2 replies to this topic

#1 casperfox

  • Members
  • 11 posts

Posted 21 March 2017 - 06:54 PM

So I have a question about searching for bad files. I have seen people search through folders and just say, Yep.. this is the virus here... How can people just tell by looking at the file that it's a virus, malware, etc? Also how can you manually clean out your computer? Thanks




 


#2 Machiavelli

    Agent 007

  • Malware Response Instructor
  • 4,015 posts
  • Gender:Male
  • Location:Germany

Posted 21 March 2017 - 07:51 PM

Hello casperfox.

 

Well, that is a good question, but indeed not easy to answer. The issue here is that it is generally quite hard to detect or remove Malware if you haven't finished any UNITE training program.

 

How can people just tell by looking at the file that it's a virus, malware, etc?

There are different operations you can do with a file to determine if it is Malware or not. If you have a file, let's call it example.exe, you cannot see if it is Malware when you just physically look at it. To determine whether a file is Malware or not, just upload it to virustotal.com.

For trained people here it is easier to determine if a file is bad or not as they are well trained people. Let's say your file has the following location: C:\Users\Machiavelli\4ijhi22\example.exe. We try to research the file and the directory on the internet. But for "normal" people who don't have a qualification in this area, it is quite hard to do this.

These research qualities you will learn in a so-called Malware Removal School.

 

You can join the Malware removal program if you like to: https://www.bleepingcomputer.com/forums/t/532535/malware-removal-training-program/

 

Also how can you manually clean out your computer? Thanks

These qualities you will learn at UNITE schools. It would be too much to describe it here - it is like explaining what Windows is - you start explaining but can not stop as it is sooo much. :-)

 

If you have further questions, feel free to ask me. 

 

Regards,

Machiavelli


Edited by Machiavelli, 21 March 2017 - 07:53 PM.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,484 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 22 March 2017 - 07:25 AM

These are some common folder variable locations where malicious executables and .dlls hide:
  • %SystemDrive%\ (C:\)
  • %SystemRoot%\ (C:\Windows, %WinDir%\)
  • %UserProfile%\
  • %UserProfile%\AppData\Roaming\
  • %AppData%\
  • %LocalAppData%\
  • %ProgramData%\ / %AllUsersProfile%\
  • %Temp%\ / %AppData%\Local\Temp\
Note: Some folders like %AppData% are hidden by the operating system so you may need to configure Windows to show hidden files & folders.

As noted by Machiavelli... Anytime you come across a suspicious file or you want a second opinion, submit it to one of the online services that analyze suspicious files. In the "File to Scan" (Upload or Submit) box, click the "browse" button, navigate to the location of the suspicious file(s) and submit it for analysis. If you get a message saying "File has already been analyzed", click Reanalyze or Scan again.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

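A read-only way to inventory the folders listed in post #3 before submitting anything for analysis, given here as an added example that is not part of any poster's reply. The search depth, the 30-day window and the output file name are assumptions chosen for illustration.

```powershell
# Added example: list .exe/.dll files in the commonly abused folders, with
# signature status and SHA-256, so unsigned or recent files stand out.
# Read-only: nothing is deleted, moved or modified.
$roots = @(
    "$env:SystemDrive\",
    $env:SystemRoot,
    $env:UserProfile,
    $env:AppData,        # ...\AppData\Roaming
    $env:LocalAppData,
    $env:ProgramData,
    $env:Temp
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) } | Select-Object -Unique

$cutoff = (Get-Date).AddDays(-30)   # assumption: "recent" means the last 30 days

$report = foreach ($root in $roots) {
    # -Force includes hidden and system files; -Depth 1 also covers one subfolder level
    Get-ChildItem -LiteralPath $root -File -Force -Depth 1 -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path      = $_.FullName
                Created   = $_.CreationTime
                Recent    = $_.CreationTime -gt $cutoff
                Hidden    = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
                SHA256    = $hash.Hash
            }
        }
}

# The roots overlap (for example %Temp% sits under %LocalAppData%), so de-duplicate by path.
$report = $report | Sort-Object Path -Unique

# Review list: anything without a valid signature, newest first.
$report | Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Created -Descending |
    Format-Table -AutoSize Path, Created, Recent, Hidden, Signature

# Full inventory (hypothetical file name) for later comparison.
$report | Export-Csv -Path '.\exe-dll-inventory.csv' -NoTypeInformation
```

A missing or invalid signature is only a reason to look closer, not proof that a file is malicious, and the run can take several minutes because %SystemRoot% holds many DLLs. The SHA-256 value can be searched on virustotal.com before deciding whether to upload the file itself.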



