Friday, October 30, 2009

MANUALLY IDENTIFYING VIRUSES AND TROJANS

Viruses and Trojans are not completely invisible in the Task Manager process list. You can find them easily, although their names are meant to confuse us. The most direct way to detect a virus is to check the active processes in Task Manager. If you can't identify a virus process there, the virus is using a technique to hide itself. Viruses basically use three techniques:
  1. Processes such as svchost.exe, explorer.exe, iexplore.exe and winlogon.exe are default system processes. Viruses give their own processes similar names with small changes to the spelling. For example, you may find processes named svch0st.exe, explore.exe, iexplorer.exe, winlogin.exe, etc. Compare them with the real names and you can see the difference. The similarity is meant to confuse us while the virus damages the system.
  2. Sometimes viruses are smarter and use the exact name of a default system process, for example svchost.exe. The way to tell them apart is that the default system svchost.exe is executed from C:\WINDOWS\system32. If svchost.exe is not executing from there, and more than 6 svchost.exe processes are running, it means a virus. I recommend using a good antivirus at this stage.
  3. The third and major method is DLL injection. In this case, a virus DLL is injected into system processes, so it is difficult to find unless we use professional detection tools.
Note: Terminating system processes may affect some parts of the system's operation.
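
The first two checks above can be automated over a process snapshot. The following is an added example, not code from the original post; it reports each indicator separately and does not cover DLL injection, which leaves no trace in process names or paths. The folders for winlogon.exe, explorer.exe and iexplore.exe, the two-edit similarity limit and the sample snapshot are assumptions made for illustration.

```python
import ntpath
from collections import Counter

# Only the svchost.exe folder is from the post; the other three are assumed defaults.
EXPECTED_DIRS = {
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "iexplore.exe": r"c:\program files\internet explorer",
}
MAX_SVCHOST = 6  # instance threshold given in the post

def edit_distance(a, b):  # Levenshtein distance, one row at a time
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit(processes):
    """processes: (pid, full image path) pairs. Returns a list of (pid, reason)."""
    findings, counts = [], Counter()
    for pid, path in processes:
        name, folder = ntpath.basename(path).lower(), ntpath.dirname(path).lower()
        counts[name] += 1
        if name in EXPECTED_DIRS:  # technique 2: exact name, wrong folder
            if folder != EXPECTED_DIRS[name]:
                findings.append((pid, f"{name} runs from {folder}"))
            continue
        # technique 1: name within two edits of a real system process name
        real = next((r for r in EXPECTED_DIRS if edit_distance(name, r) <= 2), None)
        if real:
            findings.append((pid, f"{name} imitates {real}"))
    if counts["svchost.exe"] > MAX_SVCHOST:
        findings.append((None, f"{counts['svchost.exe']} svchost.exe instances"))
    return findings

# Constructed sample snapshot (not real data).
SAMPLE = [
    (4012, r"C:\WINDOWS\system32\svchost.exe"),
    (5220, r"C:\Documents and Settings\user\svch0st.exe"),
    (5300, r"C:\WINDOWS\Temp\svchost.exe"),
    (5412, r"C:\WINDOWS\system32\winlogin.exe"),
    (5500, r"C:\WINDOWS\system32\notepad.exe"),
]
if __name__ == "__main__":
    for pid, reason in audit(SAMPLE):
        print(pid, reason)
```

To audit a live machine, feed `audit` the PID and image path of each running process; a finding is a lead to investigate, not proof of infection.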
