How to Manually detect a virus
6 Feb 2015 by admin
-
This technique helps detect and remove viruses that run as a user process
(which covers most of them).
-
Download the "Process Explorer" tool from Microsoft's Sysinternals site.
-
Extract the files and run "procexp.exe" to launch Process Explorer.
-
Process Explorer shows information about all the processes currently running
on the system. The left pane lists the process names and the right pane shows
information about each of them.
We are mainly interested in the process name, the process description, and
the company name.
-
To be extra cautious, we will not touch any of the system processes, so as
not to cause problems for essential system services.
-
For a virus to do any damage to your system, it must first be executed and
therefore must reside in RAM.
-
Like every other genuine program, a running virus is a process.
-
It also consumes some RAM and CPU cycles to do its work. Therefore, if a
virus is currently running on your system, it will appear in the list of
running processes in the Process Explorer window.
-
Now, in the left pane, under the "explorer.exe" process, all the processes
run by you (the current user) are listed, along with each process's
description and company name.
A legitimate process will have a genuine company name and description and,
above all, you will know that you ran that program yourself.
All you have to do is look for a process that you did not start and that has
neither a company name nor a description.
Be careful with startup processes such as an audio device or Bluetooth
service, which are genuine (although these would normally carry company
information).
-
Once you have located the suspicious process, right-click it and open
Properties to find its location. This gives you the path of the executable
file.
You can kill the process and then delete the file from that location to
remove it from the system completely.
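The same check, scripted in PowerShell as an added example (not code from the original post): it lists the processes outside the Windows directory that have neither a company name nor a description, and adds the Authenticode signature status of each image as an extra clue before you decide what to kill. It assumes a Windows host with PowerShell 5 or later; run it elevated to see the paths of processes owned by other users.

```powershell
# Added example: scripted version of the Process Explorer review described above.
# It only lists candidates for manual review; killing and deleting stays a
# manual decision, as in the post.
$systemRoot = $env:SystemRoot   # e.g. C:\Windows; system processes are skipped, as the post advises

$suspects = Get-Process | Where-Object {
    $_.Path -and                                               # no readable path: kernel/system process, skip
    -not $_.Path.StartsWith($systemRoot, 'OrdinalIgnoreCase') -and
    [string]::IsNullOrWhiteSpace($_.Company) -and              # no company name ...
    [string]::IsNullOrWhiteSpace($_.Description)               # ... and no description
}

foreach ($p in $suspects) {
    # An unsigned binary is not proof of malice (many small tools are unsigned),
    # but "Valid" from a known publisher usually rules a process out quickly.
    $sig = Get-AuthenticodeSignature -FilePath $p.Path
    [PSCustomObject]@{
        PID       = $p.Id
        Name      = $p.ProcessName
        Path      = $p.Path
        Signature = $sig.Status          # Valid, NotSigned, HashMismatch, ...
        Signer    = $sig.SignerCertificate.Subject
    }
}
```

Review the printed rows by hand exactly as you would in Process Explorer; a row with an empty Signer, a path under a temp or profile folder, and a name you did not launch is the case the post describes.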