Friday 26 August 2011

Troubleshooting and preventing malware

1.     Use third-party utilities rather than the native Task Manager. You can use Process Explorer to see hidden or unfamiliar processes, since some malware hides itself from Task Manager.
Some recommended programs are:
1.     Gmer
2.     ProcessHacker
3.     Kernel Detective
4.     Deep monitor

Note: In many situations malware blocks Task Manager and the Registry Editor. To re-enable them, type the following commands in Run or cmd:
REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
REG add HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

Fix the registry after a malware infection:
download Quick Disaster Recovery
or the RRT tool

2.     Use a network connections and traffic viewer rather than netstat:
1.     CurrPorts
2.     TCPView
3.     Private Eye
4.     NetActView
5.     CloseTheDoor

Most malware spies on your vital information, i.e. passwords, credit card numbers and more. So I would say it is a must for us to know what is going on through our NIC. Some of these programs help us determine the name and path of a malicious file which is connecting to an SMTP or FTP port to send or upload our information.


If you want to check in great detail, packet by packet, then you can use Wireshark, but you need a little knowledge of packet structure. It is the best tool to analyze your network traffic.

3.     Also check scheduled jobs by typing the AT command in a command prompt to see if malware has scheduled anything. If you find any unknown job entries, type at /delete to delete all entries.
4.     Check the Startup folder for any unfamiliar file. If you can open the registry, also check the following registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Check the above entries for unfamiliar or malicious programs; these keys are what make a program run at PC startup.
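As an added example (not part of the original post), this PowerShell script lists every value in the four Run keys above, flags executables that do not live under the Windows or Program Files directories, and then reports the DisableTaskMgr and DisableRegistryTools policy values mentioned earlier. The list of trusted directories is an assumption; adjust it for your build.

```powershell
# Added example, not from the original post. Run in a PowerShell console.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)

# Directories legitimate startup entries usually live in (assumption; tune it).
$trustedRoots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd('\').ToLowerInvariant() }

function Get-ImagePath([string]$command) {
    # Recover the executable path from a Run value: a quoted path, or the first token.
    $c = $command.Trim()
    if ($c.StartsWith('"')) { return $c.Split('"')[1] }
    return ($c -split '\s+')[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)   # GetValue expands %VAR% references
        $exe = (Get-ImagePath $value).ToLowerInvariant()
        $trusted = $false
        foreach ($root in $trustedRoots) {
            if ($exe.StartsWith($root)) { $trusted = $true }
        }
        $flag = if ($trusted) { '' } else { '   <-- not under Windows/Program Files, review it' }
        "{0}`n    {1} = {2}{3}" -f $key, $name, $value, $flag
    }
}

# A value of 1 here means a policy (often set by malware) is blocking the tool;
# the REG add commands earlier in the post reset these to 0.
foreach ($hive in 'HKCU', 'HKLM') {
    $pol = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    if (-not (Test-Path -Path $pol)) { continue }
    $p = Get-ItemProperty -Path $pol
    "{0}: DisableTaskMgr={1} DisableRegistryTools={2}" -f $hive, $p.DisableTaskMgr, $p.DisableRegistryTools
}
```

An entry flagged by the script is not automatically malicious; compare its path and file name against the process and network viewers listed above before removing anything.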

5.     To see what is hidden, also unhide all hidden files as well as protected system files, and enable showing the extension of each file so you can determine its type.
To enable viewing of hidden files, follow these steps. Please note that a guide with images showing the same steps can be found here:
How to show hidden files in Windows 7
1.     Close all programs so that you are at your desktop.
2.     Click on the Start button. This is the small round button with the Windows flag in the lower left corner.
3.     Click on the Control Panel menu option.
4.     When the control panel opens click on the Appearance and Personalization link.
5.     Under the Folder Options category, click on Show Hidden Files or Folders.
6.     Under the Hidden files and folders section select the radio button labeled Show hidden files, folders, or drives.
7.     Remove the checkmark from the checkbox labeled Hide extensions for known file types.
8.     Remove the checkmark from the checkbox labeled Hide protected operating system files (Recommended).
9.     Press the Apply button and then the OK button.
10.   Now Windows 7 is configured to show all hidden files.
Most viruses come from USB pen drives. Whenever you open a pen drive by double-clicking it, the virus file gets executed automatically with the help of the autorun.inf file that is already on the pen drive. A virus never infects a PC by itself; it always needs user interaction. Even if you download a virus executable from a website, it will not infect your PC unless you double-click it. So rather than double-clicking the pen drive, open it by typing its drive letter in the address bar of My Computer; this way the autorun.inf that comes with the infected exe on your pen drive will not get a chance to execute the malicious file. You can also see all hidden files on your pen drive and notice which files are unknown to you.