How to Manually detect a virus

6 Feb 2015 by admin


  1. This technique helps detect and remove viruses that run as a user process (which covers most of them).


  2. Download the "Process Explorer" tool from Here


  3. Extract the files and run "procexp.exe" to launch Process Explorer.



  4. Process Explorer shows all the information about the processes currently running on the system. The left pane lists the process names and the right pane shows information about each of them. We are mainly interested in the process name, process description, and company name.


  5. Now, to be extra cautious, we will not touch any of the system processes, so as not to cause problems for the essential system processes.


  6. Now, for any virus to do damage to your system, it must first be executed, and therefore it must reside in RAM.


  7. Like every other genuine process, a virus is also a process.


  8. The virus will also use some amount of RAM and CPU cycles to do its work.
    Therefore, if a virus is currently running on your system, it will appear in the list of running processes in the Process Explorer window.


  9. Now, in the left pane, under the "explorer.exe" process, all the processes run by you (the current user) are listed. Along with the process name, the process description and company name will also be listed.
    A legitimate process will have a genuine company name and description, and above all you know that you ran that program yourself.
    Now all you have to do is look for any process that you did not start and that has no company name and no description.
    Be careful with some of the startup processes, such as an audio device or Bluetooth service (although these would have company information), which are genuine.


  10. Once you've located the suspicious process, right-click on it and click Properties to find its location. This will give you the location of the executable file.
    You can kill the process and then delete the file from that location to remove it completely from the system.
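The steps above can be automated from PowerShell. The script below is an added example, not part of the original post and not a Sysinternals tool: it lists the processes whose parent is explorer.exe (the same branch you inspect in Process Explorer), reads the company name and description from each executable's version information, and flags the ones that have neither, as step 9 describes. Because those version strings are free text that any program can set, it also runs an Authenticode signature check, which is what Process Explorer's "Verify" column does. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows; run it from the account whose processes you want to inspect (or elevated, to see every process).

```powershell
# Added example (not from the original post): triage running processes the way
# steps 4 to 10 describe, plus an Authenticode check of each executable.
# Assumes Windows and PowerShell 5.1 or later.

# Every process whose parent is explorer.exe is what Process Explorer shows
# under the explorer.exe node. (A parent PID can be reused after the parent
# exits, so treat this as a heuristic, exactly as the manual check is.)
$explorerPids = @(Get-Process -Name explorer -ErrorAction SilentlyContinue | ForEach-Object Id)

# Win32_Process gives us ParentProcessId and ExecutablePath for each process.
$procs = Get-CimInstance -ClassName Win32_Process

$report = foreach ($p in $procs) {
    # Idle/System pseudo-processes and processes we have no access to have no path.
    # Run elevated if you need to see the latter.
    if ([string]::IsNullOrEmpty($p.ExecutablePath)) { continue }

    # Company name and description, as shown in Process Explorer's columns.
    $info = $null
    try {
        $info = (Get-Item -LiteralPath $p.ExecutablePath -ErrorAction Stop).VersionInfo
    } catch {}
    $company = if ($info) { $info.CompanyName } else { $null }
    $desc    = if ($info) { $info.FileDescription } else { $null }

    # Version strings are not evidence on their own; a signature that chains
    # to a trusted root is the stronger check.
    $sig = Get-AuthenticodeSignature -LiteralPath $p.ExecutablePath -ErrorAction SilentlyContinue
    $sigStatus = if ($sig) { $sig.Status.ToString() } else { 'Unknown' }
    $signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    [pscustomobject]@{
        PID           = $p.ProcessId
        Name          = $p.Name
        Path          = $p.ExecutablePath
        UnderExplorer = ($explorerPids -contains $p.ParentProcessId)
        Company       = $company
        Description   = $desc
        # The post's rule: no company name and no description.
        NoIdentity    = ([string]::IsNullOrWhiteSpace($company) -and [string]::IsNullOrWhiteSpace($desc))
        Signature     = $sigStatus
        Signer        = $signer
    }
}

# Show the user-launched processes that fail either check; NoIdentity first.
$report |
    Where-Object { $_.UnderExplorer -and ($_.NoIdentity -or $_.Signature -ne 'Valid') } |
    Sort-Object -Property @{Expression = 'NoIdentity'; Descending = $true}, Name |
    Format-Table PID, Name, Company, Description, Signature, Path -AutoSize
```

The Path column is the location step 10 has you look up via Properties. Expect some legitimate programs to appear as NotSigned; a process with no company name, no description and no valid signature that you did not start yourself is the one the post tells you to look at more closely before you stop it and remove its file.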


Category: Security
