Possible unwanted visitors infection

Howdy

I have a situation where I might be infected or have software on my computer recording keystrokes and/or screenshots. What leads me to believe this is that I occasionally have programs closing on me that shouldn’t be at all in more than an operating system. What I’m wondering is, other than regular antivirus software scans such as Microsoft Defender or the Microsoft additional scan tool and/or something like a bootable ISO that scans (I’ve also used Tyron Script), I haven’t been able to locate anything on my machine. I’m looking for resources that might help me identify such programs on my system. Is there anything more advanced I could use, or any other ideas and suggestions out there? I want to ensure I have a clean, safe environment.

I’m open to suggestions and recommendations.

Malwarebytes would be good to run.

On an already infected computer you can no longer trust the results any antivirus or anti-malware security tools give you. Nowadays malware is advanced enough to be able to hide from such tools if it’s already running.

If you have access to a clean PC you can create a bootable USB stick with tools such as Kaspersky Rescue Disk 18. You can then use this stick to boot your potentially infected PC from, update the antivirus definitions and run a scan this way.


Hi VMGuy :slight_smile:

This will most likely be my last post in here… But I will contribute with my thoughts. :slight_smile:

I have the principle of zero trust.
As soon as I just suspect for a millisecond that a computer might be infected, then I handle it as if it is infected.

DrHeat's suggestion is a good one, as you no longer run the infected OS and then it's less likely the virus/malware can disable/hide from a virus scan.

My way is, as I mentioned, zero trust… I shut down the computer as soon as possible.
I then boot the computer with a Linux flash drive/USB stick and then I back up all the latest data I don't have a backup of to a USB stick or an external drive.
I use disk imaging as a fast restore solution… that way I know I don't have to start from zero with a full install, so I don't have to redo all tweaks and all customisation.
And if I don't have an image… then I reinstall the system just to be sure I don't have malware/a virus hidden on the system.

And if I’m curious… as I often am when it comes to infected machines. :smiley:
Then after I have made the backup from the Linux boot, I delete personal data from the disk with Linux, after I have it on an external disk so the data is safe…
But then I reboot the infected computer on an isolated part of my network I have just for doing stupid stuff. *lol* :smiley: And I start different monitoring software to inspect the disk activity and network activity just to see what is going on and if I can trace it backwards… and if I find something interesting I then send it off to Europol’s cyber security team.

So my advice is… zero trust… back up your data and then wipe the computer… as then you never ever have to wonder if the virus scanner really did its job.

First off,

Pull your network connection as you do not want it traversing your network.

What I would do is a full wipe from an external USB. I know that is really extreme but it is the only way to be completely certain nothing remains. I also find that wiping Windows once in a while speeds things up considerably.

Wiping is definitely not the easiest but it is the most effective.

Hello,
According to me, if you suspect malware recording keystrokes or taking screenshots despite regular scans, use specialized tools like Malwarebytes or Kaspersky Rescue Disk for deeper checks.
Thanks