
How to detect malware infection in 9 easy steps

Roger A. Grimes | Oct. 26, 2017
Hey Windows users: Here's how to get the incredible power of 67 antivirus engines with no performance impact on your computer


Hardly a week goes by when I’m not cleaning up someone’s computer and detecting and eradicating malware. It’s not uncommon for me to find dozens of infections, each doing its best to pester the user into installing multiple bogus antivirus programs or, worse, getting ready to lock up data in a ransomware attack.

All these users justifiably complain that their antivirus (AV) program is inaccurate and misses obvious malware that pops up in front of their eyes. It’s especially annoying when this software clobbers performance in exchange for "protecting" the user.

(Note that while "antivirus" isn't exactly a misnomer, it's also not the most precise term for this type of software since computer viruses make up a very small percentage of detections these days. "Antimalware" is more accurate and is my preferred term, but since the world knows it as "antivirus", that's the term I'll be using here.)

All antivirus software misses a significant percentage of malware. This is because professional malware writers design their malware and botnet ecosystems to self-update whenever they start getting detected. While antivirus engines eventually sniff out millions of malware variants, they're always one generation behind, failing to spot the stuff that has been self-modified to avoid discovery.

Overall accuracy rates go up and down all the time, though some products score better than others ... for some period of time. But again, no AV product is 100 percent accurate. No product is going to be super-accurate over the course of an entire year.


Maximum malware detection for all

Here's what you should do: Install an antivirus product that does a decent job, has a long history of stability and decent success, and doesn’t slow down your system (unless you don't mind a little sluggishness). Then use Windows Sysinternals Process Explorer or Autoruns to test currently running executables against VirusTotal’s 67 antivirus engines, which offers the best accuracy you can ever get (with a small percentage of false positives).

Step by step, do this now for all Windows computers:

  1. Make sure your computer has an active connection to the internet.
  2. Go to Sysinternals.com. It’s a Microsoft site.
  3. Download Process Explorer and Autoruns. Both are free, as is everything on the site.
  4. Unzip these programs. If using Process Explorer, use procexp.exe. If using Autoruns, use autoruns.exe (autorunsc.exe is the command-line version).
  5. Right-click and run the program executable as Administrator, so it’s running in the Administrator’s security context.
  6. Run Process Explorer first (I'll explain Autoruns later). Select the Options menu at the top of the screen.
  7. Choose VirusTotal.com, then Check VirusTotal.com.
  8. This will submit the hashes of all running executables to the VirusTotal website, which is run and maintained by Google. You’ll get a message to accept the license; answer Yes. You can close the VirusTotal website that comes up and go back to Process Explorer.
  9. In Process Explorer, you'll see a column labeled Virus Total. It will either say Hash Submitted (during the first few seconds) or give you a ratio, something like 0/67, 1/67, 14/66, and so on.
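The nine steps above are a GUI procedure. The same hash lookup can be scripted with autorunsc.exe, the command-line Autoruns mentioned in step 4, which makes the check repeatable across many machines and leaves a CSV record behind. The PowerShell below is an added example, not code from the article or from Sysinternals. It assumes autorunsc.exe sits in the current directory, that the autorunsc switches -accepteula, -a, -c, -h, -s, -v and -vt behave as described in the tool's own help text, and that the CSV columns are named Entry, Image Path, SHA-256, VT detection and VT permalink (column names are an assumption and vary between versions; check the header row of the CSV if a field comes back empty). The threshold that separates "possible false positive" from "likely malicious" is an arbitrary triage value, not something VirusTotal defines.

```powershell
# Added example, not from the article: run autorunsc.exe with VirusTotal hash
# lookups, parse its CSV, and triage entries by detection ratio.
# Run from an elevated PowerShell prompt (step 5 of the article) so every
# user's autostart locations are visible.
param(
    [string]$AutorunscPath = ".\autorunsc.exe",     # assumption: tool is in the current directory
    [string]$RawFile = ".\autoruns-raw.csv",
    [string]$ReportFile = ".\autoruns-triage.csv",
    [int]$SuspicionThreshold = 3                    # arbitrary: detections at/above this are "likely malicious"
)

function ConvertFrom-VtRatio {
    # Parses the ratio string Autoruns/Process Explorer show ("14/66") into
    # Detections and Engines. Non-numeric values such as "Unknown" (hash never
    # seen by VirusTotal) are reported as such, never silently treated as clean.
    param([string]$Ratio)
    if ([string]::IsNullOrWhiteSpace($Ratio)) {
        return @{ Status = 'NotChecked'; Detections = $null; Engines = $null }
    }
    if ($Ratio -match '^\s*(\d+)\s*/\s*(\d+)\s*$') {
        return @{ Status = 'Checked'; Detections = [int]$Matches[1]; Engines = [int]$Matches[2] }
    }
    return @{ Status = 'Unknown'; Detections = $null; Engines = $null }
}

function Get-VtVerdict {
    # Turns a parsed ratio into a triage label. A handful of hits out of 60+
    # engines is often a false positive (as the article notes); a never-seen
    # hash deserves a manual look because it may be a freshly built variant.
    param([hashtable]$Parsed, [int]$Threshold)
    switch ($Parsed.Status) {
        'NotChecked' { return 'not submitted' }
        'Unknown'    { return 'never seen by VirusTotal - inspect manually' }
    }
    if ($Parsed.Detections -eq 0)          { return 'clean' }
    if ($Parsed.Detections -lt $Threshold) { return 'low hits - possible false positive' }
    return 'likely malicious'
}

# 1. Run autorunsc. Switches (from the tool's help): -a * all entry types,
#    -c CSV output, -h file hashes, -s verify signatures, -v query VirusTotal
#    by hash, -vt accept VirusTotal terms, -accepteula accept the Sysinternals EULA.
#    Output goes to a file so Get-Content can detect the encoding via BOM.
$vtArgs = @('-accepteula', '-a', '*', '-c', '-h', '-s', '-v', '-vt')
$proc = Start-Process -FilePath $AutorunscPath -ArgumentList $vtArgs `
    -RedirectStandardOutput $RawFile -RedirectStandardError "$RawFile.err" `
    -NoNewWindow -PassThru -Wait
if ($proc.ExitCode -ne 0) { Write-Warning "autorunsc exited with code $($proc.ExitCode); see $RawFile.err" }

# 2. Skip any banner text and parse from the CSV header row onward.
$lines = [string[]](Get-Content -Path $RawFile)
$start = [Array]::FindIndex($lines, [Predicate[string]]{ param($l) $l -like 'Time,*' })
if ($start -lt 0) { throw "No CSV header found in $RawFile; check the path '$AutorunscPath'." }
$rows = $lines[$start..($lines.Length - 1)] | ConvertFrom-Csv

# 3. Attach a verdict to every autostart entry. Column names are an assumption.
$report = foreach ($row in $rows) {
    $parsed = ConvertFrom-VtRatio $row.'VT detection'
    [pscustomobject]@{
        Entry      = $row.Entry
        ImagePath  = $row.'Image Path'
        SHA256     = $row.'SHA-256'
        VtRatio    = $row.'VT detection'
        Detections = $parsed.Detections
        Verdict    = Get-VtVerdict -Parsed $parsed -Threshold $SuspicionThreshold
        Permalink  = $row.'VT permalink'
    }
}

# 4. Show everything that is not plainly clean, worst first, and keep the full record.
$report |
    Where-Object { $_.Verdict -ne 'clean' } |
    Sort-Object -Property @{ Expression = 'Detections'; Descending = $true }, Entry |
    Format-Table Entry, VtRatio, Verdict, ImagePath -AutoSize
$report | Export-Csv -Path $ReportFile -NoTypeInformation
Write-Host ("{0} entries checked, {1} flagged; full report in {2}" -f `
    $report.Count, @($report | Where-Object { $_.Verdict -ne 'clean' }).Count, $ReportFile)
```

Keeping the exported CSV from a known-good build gives you a baseline: diffing a later run against it shows which autostart entries and hashes changed, which is often a quicker signal than the ratio alone, since a brand-new variant typically shows up as "never seen by VirusTotal" rather than with a high detection count.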

