Bitcoin Forum
Author Topic: Malware education - How to find hidden viruses & How does malware work  (Read 344 times)
Kristinnspence (OP)
April 13, 2019, 05:48:00 PM
Merited by r1s2g3 (1)
 #1

Hey guys, Kristinn Spence here again with a new short tutorial for those who might think they are infected by a trojan or virus, or who just want to beef up the security of their Windows system massively. It covers how to find viruses that the antivirus is not picking up and how to look for them in your Windows system manually, because it is a fact that over 63% of viruses are never found.

So most of today's trojan horses or remote administration tools come preloaded with multiple hiding features, so that they hide themselves from the task manager when you are looking at it. Miners also have this feature implemented, so that whenever you are looking at the task manager the miner shuts itself off or hides its process, so that you won't see anything suspicious or be able to shut it down by end-tasking it. Almost all malware also comes encrypted through malware encrypters, or normal encrypters that are advertised as normal file encrypters but are almost solely used for malware encryption. These encrypt the virus so that it is invisible to antivirus both at runtime and at scan time: the antivirus just thinks it is a normal program and never deletes or quarantines it, because the code has been altered to look a specific non-malicious way, when in reality there is most often a decryption key at the end of the code, or in it, that opens a door to the real code, which self-decrypts and runs the real software. It is like a trojan door inside the software that antiviruses can't run, because they are not really running the software; but when it is run, at some point it opens the door in the encrypted code and then the real malicious code opens or injects into the memory of the computer. This is of course very bad for normal PC users, as it allows almost all targeted malware to easily bypass all antivirus and firewall procedures.

I speak for myself as a network and computer security enthusiast since I was a kid: I know that if I were to target a computer system, there is without a doubt very little chance that I could not get access to the system I targeted, either remotely or physically. Now this is, of course, hypothetical, assuming it is a normal computer system with standard security measures.


How to be secure?

What you want to do is run malware scans with different malware engines to check, because often they are very different and work in very different ways.

I personally recommend these:
Malwarebytes (a strong all-around malware engine; it checks the code part by part and has a strong signature database; free as well)
Avira (a very strong heuristic engine that takes apart many viruses and has signatures for many encryption tools as well; 100% free)
HitmanPro (a very strong anti-trojan engine that focuses mostly on trojan viruses; also free to scan)

Then you can also get yourself 360 Total Security, which has 3 malware engines inside it and has real-time malware checking as well and is 100% free, but you have to manually activate all of the engines by setting the security settings to high.

Now what I recommend, if you have an SSD in your computer, is that you get at least 2 engines running on your system. A good combo is often Malwarebytes and 360 antivirus, for example: then you really have 3 engines inside the 360 antivirus, and then Malwarebytes can detect most of the other harmful code.

But if you have a normal hard drive that is NOT an SSD, then it will slow your computer down a lot, because when you have so many antivirus engines always running they take a lot of the disk capacity; since SSD drives are much faster it doesn't really slow them down. So if you have a normal hard drive I would recommend having just one engine.

You also want to have a firewall if you don't already, so that you can watch whenever a new program accesses the internet from your device, and also check which services are using your internet and block their connections if they seem strange.

For example, if you have a firewall and you see some service called miner.exe using a huge amount of internet, then you can just block the internet connection to that specific software or service with one click. It is very convenient.

Okay, but some viruses and malware are a bit trickier, and you don't actually see them as suspicious software in the firewall process list: the malware has bound itself to some respectable process like svchost.exe or explorer.exe and injected itself as a subprocess into these "main" processes, so it is really hard to shut them off without disrupting the real process. For example, if you shut off explorer.exe then your whole desktop closes down and you get a blank screen, but in Windows 10 and 7 it usually starts itself up again after it shuts down.

So if you just see these as normal, how would you find a hidden virus on your system that is not being found with conventional methods?

First off, you can of course use software called Wireshark and sniff your own traffic to find the virus, using this tutorial here:
https://www.howtogeek.com/107945/how-to-identify-network-abuse-with-wireshark/

Or you can just type "netstat" inside your CMD (go to Start, type CMD and press Enter) and see if there are any strange foreign addresses that pop up. Most often it is some free DNS server that hackers use, like "imnotahacker.no-ip.org" or some crap like this, or just a number like "12312323.blabla.com"; that is often malicious software running on your computer, but you will need to research it yourself and identify it by checking in your registry as well and other places on your computer, although many viruses nowadays don't even go to the registry anymore because they are often only running in memory. You can also use specific flags to only show TCP ports, for example, and often these hackers use Tor as their DNS provider, so you can search for Tor ports in your foreign addresses: just google "what ports does Tor use" and cross-check with your foreign addresses.

Now after you identify the threat, you can use your preferred firewall to block it from accessing the internet, because most often when malware this strongly hidden is forged it also has persistence modules in place that make it hard to delete from your system, and often a rootkit protecting the process and files as well. So in reality it is easier to cut off the internet supply, because then the attacker can't send new commands to the virus, for example to update or install more malware or other things, and the virus itself is not trying to copy itself again or reinstall itself or protect itself; it simply becomes dormant.

Thanks for reading this short guide on how to protect your Windows computer from viruses I will be posting more guides about everything tech related in the future, I am just starting with the simpler stuff and then I will go in depth later.
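The netstat triage the post describes, as an added example that is not part of the original post or of any tool it names: a small Python script that parses Windows `netstat -ano`-style output and flags foreign endpoints that sit on common Tor ports, resolve to free dynamic-DNS domains, or have mostly-numeric hostname labels. The sample netstat lines are constructed (the two hostnames stand in for what `netstat -of` would resolve), the port and domain lists are assumptions to tune for your own environment, and a hit is a lead to investigate, not proof of infection. Note the caveat the post itself hints at: netstat reports what the kernel's socket table says, so a rootkit that hides its sockets will not show up here at all, and malware injected into svchost.exe or explorer.exe shows up under that host process's PID.

```python
"""Added example: triage Windows netstat output for foreign endpoints worth a
closer look. This is not code from the original post or from any tool it names."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of `netstat -ano` output (the two hostnames
# stand in for what `netstat -of` would resolve). Not captured from a real host.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49711     140.82.112.25:443      ESTABLISHED     4120
  TCP    192.168.1.20:49802     203.0.113.77:9001      ESTABLISHED     6688
  TCP    192.168.1.20:49815     imnotahacker.no-ip.org:4444  ESTABLISHED  6688
  TCP    192.168.1.20:49820     93.184.216.34:80       TIME_WAIT       0
  TCP    192.168.1.20:49831     12312323.example.com:8080  ESTABLISHED  7710
  UDP    0.0.0.0:5353           *:*                                    2244
"""

# Assumed indicator lists for illustration; tune them for your environment.
TOR_PORTS = {9001, 9030, 9050, 9150}  # default Tor relay, directory and SOCKS ports
DYNDNS_SUFFIXES = ("no-ip.org", "no-ip.com", "ddns.net", "duckdns.org", "dyndns.org")
LOCAL_PREFIXES = ("0.0.0.0", "127.", "10.", "192.168.", "::", "*")  # simplistic; 172.16/12 omitted

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


@dataclass
class Conn:
    proto: str
    local: str
    foreign_host: str
    foreign_port: Optional[int]
    state: str
    pid: int


def split_endpoint(endpoint: str):
    """'203.0.113.77:9001' -> ('203.0.113.77', 9001); '[::1]:443' -> ('::1', 443); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), (int(port) if port.isdigit() else None)


def parse_netstat(text: str):
    """Parse the Proto/Local/Foreign/State/PID columns; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, local, foreign, state, pid = m.groups()
        host, port = split_endpoint(foreign)
        conns.append(Conn(proto, local, host, port, state or "", int(pid)))
    return conns


def suspicion_reasons(conn: Conn):
    """Return the (assumed) indicators one connection trips; an empty list means nothing to chase."""
    host = conn.foreign_host.lower()
    if host == "" or any(host.startswith(p) for p in LOCAL_PREFIXES):
        return []  # listening sockets and loopback: no remote peer to assess
    reasons = []
    if conn.foreign_port in TOR_PORTS:
        reasons.append(f"foreign port {conn.foreign_port} is a common Tor port")
    if host.endswith(DYNDNS_SUFFIXES):
        reasons.append("free dynamic-DNS hostname")
    label = host.split(".")[0]
    is_ipv4 = re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", host) is not None
    if not is_ipv4 and sum(ch.isdigit() for ch in label) > len(label) // 2:
        reasons.append("mostly-numeric hostname label")
    return reasons


def flag_connections(text: str):
    """Group flagged connections by owning PID: {pid: [('host:port', [reasons]), ...]}."""
    hits = {}
    for conn in parse_netstat(text):
        reasons = suspicion_reasons(conn)
        if reasons:
            hits.setdefault(conn.pid, []).append((f"{conn.foreign_host}:{conn.foreign_port}", reasons))
    return hits


if __name__ == "__main__":
    # On a live box: feed subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    for pid, entries in flag_connections(SAMPLE_NETSTAT).items():
        print(f'PID {pid}  (identify it with: tasklist /FI "PID eq {pid}")')
        for endpoint, reasons in entries:
            print(f"  {endpoint}: {'; '.join(reasons)}")
```

On the constructed sample this reports PID 6688 twice (a Tor relay port and a no-ip.org name) and PID 7710 once (numeric label), and nothing for the HTTPS session or the listening sockets. The next step is the one the post describes: map the PID to an image name with `tasklist /FI "PID eq 6688"`, and if it is a host process like svchost.exe, treat that as a reason to dig into what is loaded inside it rather than as a clean bill of health.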


logfiles
April 14, 2019, 05:12:20 AM
Merited by TryNinja (1), bob123 (1)
 #2

You really need to format your topic well in order to catch the attention of the reader and make them eager to read through.
Have you wondered why nobody has replied to your topic since yesterday?

It's because of poor formatting, no clear outline of subtopics, title or references... everything is just jumbled up.
You referred me to read your topic but honestly, I don't even know how to get started.
I know it may not be the best topic in the forum but take it as an inspiration. It was the topic that even earned me the most merit  Wink
https://bitcointalk.org/index.php?topic=5106984

Take this as some sort of advice and not a jibe.
Cheers.

sheenshane
April 14, 2019, 02:08:27 PM
 #3

I'm so sorry but, if you want to educate people, your post should be easily comprehended and catchy. But yes, you were right. Malwarebytes has a strong all-around malware engine and checks the code part by part with a strong signature database.
360 Total is also recommended for malware.

Next time, if you are planning to post something, make sure to keep it easily comprehended and avoid putting in a lot of words. Just become a straight-to-the-point person.

Kristinnspence (OP)
May 03, 2019, 01:24:10 PM
 #4

Quote from: sheenshane on April 14, 2019, 02:08:27 PM
I'm so sorry but, if you want to educate the people your post should be easily comprehended and catchy. But yes you were right. Malwarebytes have a strong all-around malware engine and checking the code part by part with a strong signature database.
360Total is also recommended for malware.

Next time, if you are planning to post something make sure to keep it easily comprehended and avoid putting a lot of words. Just become a straight to the point person.

Yeah, sorry about that. I can have some trouble with structure in my posts, since my mind sometimes just wanders from a to c before going to b.
traderethereum
May 03, 2019, 01:47:39 PM
 #5

Unfortunately, if you want to use MalwareBytes, you need to buy premium keys so you can get full protection from the antivirus.
I guess that HitmanPro is not free and you need to pay some money to get the full license.
Avira can be second protection with MalwareBytes, but I don't think that you need to install Avira if you already have a full license of MalwareBytes, because it is enough to protect you from malware.
If you want to be secure, I guess you can install Linux on your PC  Grin

bob123
May 03, 2019, 02:12:23 PM
 #6

Quote from: Kristinnspence
[...] because it is a fact that over 63% of viruses are never found.

I know that quite a lot of malware stays undetected, but where did you get the 63% from?
Do you have any source for this?

This seems to be a very precise number.


Quote from: Kristinnspence
[...] and almost all malware also comes encrypted through malware encrypters or normal encrypters that are advertised as normal file encrypters but is almost solely used for malware encryption that encrypts the virus [...]

Holy moly.. that's a lot of encryption here  Grin Almost encryptception.


Quote from: Kristinnspence
How to be secure?
What you want to do is do malware scans with different malware engines to check, because often they are very different and work in a very different way.

You mentioned yourself that malware can hide itself (i.a. polymorphic, encryption, ..).
Therefore relying on AVs too much won't help (not saying that it's not good to have one!).
And since checking all applications accessing some online services is not really an option on Windows (for a not that techy user), the best weapon against malware is common sense IMO.

You should definitely include common sense in your small guide.


bitmover
May 03, 2019, 02:23:23 PM
 #7

I think people are too paranoid about viruses and malware.
People pay for expensive programs that supposedly would protect them from malware, but they consume a lot of computer resources and are really not that effective if you have bad online habits.

You can live well online with just Defender and Malwarebytes, if you have good habits online.

r1s2g3
May 03, 2019, 02:27:17 PM
 #8

I think, first, users need to stop clicking the links that can lead to malicious sites or to downloads of these programs. Do not click the links if you doubt them.
When you are downloading any software, make sure that you are downloading from the official link. A little caution is always a good thing.
Pmalek
May 05, 2019, 11:00:55 AM
 #9

Quote from: bitmover on May 03, 2019, 02:23:23 PM
You can live well online just with defender and Malwarebytes, if you have good habits online.

Good point, that's what many people fail to understand. They believe that if they purchased a security suite they now have this magical program that functions as a shield. In reality an antivirus is like painkillers or aspirin. If you don't get sick in the first place you won't need them.

I remember a few years back when an uncle of mine asked me to help him set up a Facebook account and download a few things. I knew it was a bad idea but I helped him out. A few weeks later the guy got infected with some nasty thing that shared porn videos with his friends and family over Facebook.

Harlot
May 05, 2019, 07:21:55 PM
 #10

I think the point of malware education should always be to introduce first how to avoid them, before you even start and try to detect them by downloading some software. You see, most victims of malware, spyware and viruses are always careless with the sites they visit and the things they click and download online; they don't spend some time observing whether what they are actually doing is safe. These kinds of people need to learn that not everything they find online is safe, and maybe most of the sketchy things they find online will do exactly the complete opposite.
Adriano2010
May 07, 2019, 12:40:44 AM
 #11

It is always better to stay away from malware and other viruses if possible, and also don't download any unknown software or access strange links from mail. I will also suggest to anyone who wants to hold crypto to buy a hardware wallet; they are not so expensive now, and it can save a lot of money from any virus.
Velkro
May 07, 2019, 02:48:06 AM
 #12

Quote from: logfiles on April 14, 2019, 05:12:20 AM
You really need to format your topic well in order to catch the attention of the reader and make them eager to read through.
Have you wondered why nobody has replied your topic since yesterday?

It's because of poor formatting, no clear outline of subtopics, title or references... everything is just jumbled up.

Agree, and I would add to that: it looks like a copy-paste from somewhere, because the poor formatting points to this conclusion.
Why? Because if the author had spent so much time writing this article/guide he would have formatted it a little bit to show his work properly.
bitcoinblog
May 07, 2019, 03:16:49 AM
 #13

I am using free Avast; so far no problem I have ever faced.

But I heard there are many browser addons/plugins developed which can use resources from your system to mine their coins while you are working in the browser. They are utilizing a very small %, so the end customer never realizes his machine is getting used by a 3rd party. Beware of it.
Malvika_sitlani
October 01, 2019, 07:55:57 PM
Merited by OgNasty (1), Juggy777 (1), fillippone (1)
 #14

Nowadays hackers are very smart and they always find a way to steal from people. Always double-check the address where you are supposed to send your coins.
If some malware program is installed once without your knowledge, your funds will be sent to the hacker's address instead of the particular exchange address.
If the coins are confirmed by the blockchain it can't be reversed.
So it is good to check what type of program is accessible on your device by your administrator.
Try to keep one good virus scanner up to date for your system.

BitMaxz
October 01, 2019, 10:23:59 PM
 #15

Quote from: bitcoinblog on May 07, 2019, 03:16:49 AM
I am using Free Avast so far no problem i faced ever.

But i heard there are many Browser addons/plugins developed which can use resouces from your system to mine there coins while you are working on those browser. They are utilizing very less % so end customer never realized if his machine is getting used by 3rd party. Beaware of it.

Avast is good as a free option, but the only problem is it may slow down your PC if you are using low-end specs, because it can take more resources compared to other AVs.

If you care about security and privacy for all of your cryptos, the best AV for me that I have used for a long time and never had issues with is Kaspersky Total, because they also added security for crypto wallets, and they recently added "Crypto-Exchange Security", which can help to protect from any malicious script or from falling for any frauds.

The only problem with this is that if they find a site or malicious software they automatically quarantine the software or the site that contains suspicious activity, and it's not free, but you have a 30-day trial.

Velkro
October 01, 2019, 11:12:44 PM
 #16

Quote from: logfiles on April 14, 2019, 05:12:20 AM
You really need to format your topic well in order to catch the attention of the reader and make them eager to read through.
Have you wondered why nobody has replied your topic since yesterday?

Cheers.

Agree. Proper formatting could catch more attention, but I would point to one more thing.
Make it easy to understand for your targeted audience. You want to educate people that are not educated in that field.
You should use simple terms, and not get into too much detail. Make the most important stuff easily visible, like:

Most important steps:
1. xxx
2. xxx
3. xxx
4. xxx

etc
Jet Cash
October 02, 2019, 07:21:12 AM
 #17

I didn't read all of your post, because I found it difficult to follow. I think you are suggesting that you run two or more anti-virus programmes on your computer at the same time. This can lead to neither programme working correctly, as they will interfere with each other. For example, if they are both trying to trap interrupts and replace the handler address, then the OS could end up using the wrong handler for the current checking routines.
