Hey guys, Kristinn Spence here again with a new short tutorial for anyone who thinks they might be infected by a trojan or virus, wants to beef up the security of their Windows system considerably, or wants to find viruses that their antivirus is not picking up and learn how to look for them manually, because it is a fact that over 63% of viruses are never found.
Most of today's trojan horses and remote administration tools come preloaded with multiple hiding features, so that they hide themselves from Task Manager while you are looking at it. Miners have this feature too: whenever you open Task Manager they shut themselves off or hide their process, so you never see anything suspicious and cannot end the task. Almost all malware also comes encrypted through malware crypters, or through "normal" file encrypters that are advertised as legitimate tools but are used almost solely to encrypt malware, so that it is invisible to antivirus at both scan time and run time. The antivirus thinks it is a normal program and never deletes or quarantines it, because the code has been altered to look benign when in reality there is most often a decryption key at the end of the code, or inside it, that opens a door to the real code, which decrypts itself and runs the real payload. It is like a hidden door inside the software that antivirus products cannot see, because they are not really running the software; when the program is run it opens the door at some point in the encrypted code, and the real malicious code unpacks itself or injects itself into memory. This is of course very bad for normal PC users, as it allows almost all targeted malware to easily bypass antivirus and firewall protection.
I speak for myself as a network and computer security enthusiast since I was a kid: I know that if I were to target a computer system, there is without a doubt very little chance that I could not get access to the system I targeted, either remotely or physically. Now this is, of course, hypothetical, assuming it is a normal computer system with standard security measures.
How to be secure?
What you want to do is run malware scans with several different malware engines, because they often work in very different ways and catch different things.
I personally recommend these:
Malwarebytes (a strong all-around malware engine that checks code part by part and has a strong signature database; also free)
Avira (a very strong heuristic engine that takes apart many viruses and has signatures for many encryption tools as well; 100% free)
HitmanPro (a very strong anti-trojan engine that focuses mostly on trojan viruses; also free to scan with)
You can also get 360 Total Security, which has three malware engines inside it and real-time malware checking as well and is 100% free, but you have to manually activate all of the engines by setting the security settings to high.
If your computer has an SSD, I recommend running at least two engines on your system. A good combo is often Malwarebytes and 360 Total Security: then you really have the three engines inside 360 plus Malwarebytes, which can detect most of the other harmful code.
But if you have a normal hard drive that is NOT an SSD, running that many antivirus engines all the time will slow your computer down a lot, because they take up a lot of the disk's capacity; SSDs are much faster, so it doesn't really slow them down. So if you have a normal hard drive I would recommend having just one engine.
You also want a firewall if you don't have one; that way you can see whenever a new program accesses the internet from your device, check which services are using your internet, and block their connections if they seem strange.
For example, if you have a firewall and you see some service called miner.exe using a huge amount of internet, you can block that specific program's or service's internet connection with one click. It is very convenient.
Okay, but some viruses and malware are a bit trickier: you don't actually see them as suspicious software in the firewall's process list, because they have bound themselves to a respectable process like svchost.exe or explorer.exe and injected themselves as a subprocess of these "main" processes, so it is really hard to shut them off without disrupting the real process. For example, if you shut off explorer.exe your whole desktop closes and you get a blank screen, although in Windows 10 and 7 it usually restarts itself after it shuts down.
So if these all look normal, how would you find a hidden virus on your system that is not being found with conventional methods?
First off, you can of course use software called Wireshark and sniff your own traffic to find the virus, using this tutorial: https://www.howtogeek.com/107945/how-to-identify-network-abuse-with-wireshark/
Or you can just type "netstat" in CMD (go to Start, type CMD and press Enter) and see if any strange foreign addresses pop up. Most often it is some free DNS service that hackers use, like "imnotahacker.no-ip.org" or some crap like that, or just a number such as "12312323.blabla.com"; that is often malicious software running on your computer, but you will need to research it yourself and identify it by checking your registry and other places on your computer as well, although many viruses nowadays don't even touch the registry anymore because they run only in memory. You can also use specific switches to show only TCP connections, for example. These hackers often use Tor as their DNS provider, so you can search for Tor ports among your foreign addresses: just google "what ports does tor use" and cross-check with your foreign addresses.
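A PowerShell version of that netstat triage, added here as an example (it is not part of the original post): it lists established TCP connections with their owning process, does a best-effort reverse lookup of each foreign address, and flags hostnames under free dynamic-DNS suffixes (the post's no-ip.org plus a few others, assumed as a starter list) and the default Tor relay ports 9001 and 9030. It assumes Get-NetTCPConnection, Get-Process and Resolve-DnsName, which ship with Windows 8 / Server 2012 and later.

```powershell
# Added example, not from the original post: triage established TCP connections
# on a Windows host and flag the patterns the post describes as suspicious
# (free dynamic-DNS hostnames, well-known Tor relay ports). Assumes Windows 8 /
# Server 2012 or later and an elevated prompt so every PID resolves to a path.

# Starter list of dynamic-DNS suffixes (assumption: the post names no-ip.org,
# the rest are other widely used free services). Extend it for your environment.
$dynDnsSuffixes = @('no-ip.org', 'no-ip.biz', 'ddns.net', 'duckdns.org', 'hopto.org')

# Default Tor relay ports (ORPort 9001, DirPort 9030). Relays can also use
# other ports, including 443, so treat a hit as a lead, not proof.
$torPorts = @(9001, 9030)

function Test-SuspiciousRemote {
    param([string]$HostName, [int]$Port)
    $reasons = @()
    foreach ($suffix in $dynDnsSuffixes) {
        if ($HostName -like "*.$suffix") { $reasons += "dynamic DNS ($suffix)" }
    }
    if ($torPorts -contains $Port) { $reasons += "default Tor relay port $Port" }
    return $reasons
}

$rows = foreach ($c in Get-NetTCPConnection -State Established) {
    # Skip loopback and link-local noise; only foreign addresses matter here.
    if ($c.RemoteAddress -match '^(127\.|::1$|fe80:)') { continue }

    # Best-effort reverse lookup; many hosts have no PTR record, so fall back to the IP.
    $ptr = (Resolve-DnsName -Name $c.RemoteAddress -Type PTR -ErrorAction SilentlyContinue |
            Where-Object Type -eq 'PTR' | Select-Object -First 1).NameHost
    $hostName = if ($ptr) { $ptr } else { $c.RemoteAddress }

    # Map the owning PID to a process; Path is $null for protected/system processes.
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    $procName = if ($proc) { $proc.ProcessName } else { '?' }
    $procPath = if ($proc -and $proc.Path) { $proc.Path } else { '(unavailable)' }
    $reasons  = Test-SuspiciousRemote -HostName $hostName -Port $c.RemotePort

    [pscustomobject]@{
        PID        = $c.OwningProcess
        Process    = $procName
        Path       = $procPath
        Remote     = "$($c.RemoteAddress):$($c.RemotePort)"
        RemoteHost = $hostName
        Flags      = ($reasons -join '; ')
    }
}

# Flagged rows first, then everything else, so the leads sit at the top.
$rows |
    Sort-Object -Property @{ Expression = { [string]::IsNullOrEmpty($_.Flags) } }, Process |
    Format-Table -AutoSize
```

Run it from an elevated prompt, otherwise the path of processes owned by other users comes back empty. A flag is a lead, not a verdict: Tor relays can listen on 443 and plenty of legitimate software uses dynamic DNS, so confirm the executable behind the PID (and where it lives on disk) before you act on it.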
Once you have identified the threat, use your preferred firewall to block it from accessing the internet. When malware is this strongly hidden, it most often also has persistence modules in place that make it hard to delete from your system, and often a rootkit protecting its process and files, so in reality it is easier to cut off its internet supply: then the attacker can't send new commands to the virus (for example, to update it or install more malware), and the virus itself does not try to copy itself again, reinstall itself, or protect itself; it simply becomes dormant.
Thanks for reading this short guide on how to protect your Windows computer from viruses. I will be posting more guides about everything tech-related in the future; I am just starting with the simpler stuff and will go in depth later.
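The "cut off its internet" step, and the one-click firewall block mentioned earlier, done with the built-in Windows Firewall from PowerShell. This is an added example and not from the original post; it assumes New-NetFirewallRule, Get-NetFirewallRule and Get-NetFirewallApplicationFilter from the NetSecurity module (Windows 8 / Server 2012 and later) and an elevated prompt. The path C:\Users\Public\miner.exe is a placeholder standing in for whatever your triage turned up.

```powershell
# Added example, not from the original post: once a suspicious connection has
# been tied to an executable, cut its internet access with an outbound block
# rule instead of fighting a process that persistence or a rootkit may protect.
# Assumes the NetSecurity module (Windows 8 / Server 2012+) and an elevated prompt.

function Block-ProgramOutbound {
    param(
        [Parameter(Mandatory)] [string]$ProgramPath,
        [string]$RuleName
    )
    if (-not $RuleName) {
        $RuleName = "Block outbound - " + (Split-Path -Path $ProgramPath -Leaf)
    }
    if (-not (Test-Path -LiteralPath $ProgramPath)) {
        throw "Executable not found: $ProgramPath"
    }
    # Don't create a duplicate if a rule with this name already exists.
    if (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue) {
        Write-Warning "Rule '$RuleName' already exists; nothing to do."
        return
    }
    # Outbound block on every profile, to every remote address and port, so the
    # program cannot reach its operator no matter which network the PC is on.
    New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Action Block `
        -Program $ProgramPath -Profile Any -Enabled True | Out-Null
    Write-Host "Blocked outbound traffic for $ProgramPath ('$RuleName')."
}

# Verify: list outbound block rules whose application filter points at the executable.
function Show-ProgramBlockRules {
    param([Parameter(Mandatory)] [string]$ProgramPath)
    Get-NetFirewallRule -Direction Outbound -Action Block |
        Where-Object { ($_ | Get-NetFirewallApplicationFilter).Program -eq $ProgramPath } |
        Select-Object DisplayName, Enabled, Profile
}

# Placeholder path (assumption); replace with the executable identified during triage.
$suspect = 'C:\Users\Public\miner.exe'
Block-ProgramOutbound -ProgramPath $suspect
Show-ProgramBlockRules -ProgramPath $suspect
```

One caveat for the injected case described above: if the malicious code lives inside explorer.exe or svchost.exe, a per-program rule blocks the legitimate host process as well. In that situation build the rule on the destination instead, with New-NetFirewallRule's -RemoteAddress parameter pointing at the foreign address you found, which starves the implant without touching the host process.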