Uploaded by Charlie Bravo

Identifing and Removing Malware

• At first, we will discuss Trojan horses, it is the most popular type of
malware. In this, the attackers pretend this malware as something beneficial,
such as a specific offer or present, to infiltrate a computer system so that
people would enter it without any hesitation.
• Moreover, Trojan Horse malware often shares the same capabilities as other
malware counting, spyware, and adware producing tremendous obstacles for
the users.
There are some features which this malware does if it gets into your system, hence it steals sensitive data,
crashes your device, takes your personal information like payment card information.
Mainly its blocks your anti-virus software, and thus it slows down your system, and it does not operate
properly. Therefore it’s essential to protect your system from this malware.
•A Trojan Horse can only enter a system if the user gives permission.
•Therefore it applies false information in downloads during the agreement section.
•Thus you should use discretion to withdraw accidental downloading, for example, which could really harm
your computer or PC.
• Next, we will discuss the Worm. Usually, it is like a virus in the way which can reproduce
itself to affect other computer systems.
• But, not similar to a virus, a worm doesn’t require to be connected to a current program or
be provoked to perform as we know that a virus needs human interference to enter a file,
attachment, or website link while a worm can attach to file by itself and self-grow.
Moreover, a worm can reduce bandwidth, install a backdoor or unnecessary programs, and even “eat up” all data
files and functioning systems until the drive gets empty.
As we have known from the above para that worms don’t need any interference of the user to be issued or
proclaimed, thus they are unusually complex to protect against and to get rid of computer systems.
As we all know very well that its prevention is quite complex, but the fact is that you can simply make your PC
secure simply by activating the firewall, as it will simply limit or reduce network traffic, particularly the unapproved
• Now, we will discuss Adware, it is one of the types of malware attack that
automatically passes notifications to a user to create wealth for its producer.
• Adware is mainly used in conjunction with spyware. Thus it can be done with
the help of pop-up internet ads or ads inserted in the interface of a program.
Not only that even it also collects personal data and information through spyware, and several
advertisements can be provided to the users.
Thus this malware penetrates the privacy of users and causes interruption of computer functionality and
You can simply prevent this malware by observing the locations from where they are downloading the
details because the unknown websites are general territories for adware.
• Next, we have Cryptojacking attack, it is basically a type of malware
that utilizes a victim’s computing capability to pit for cryptocurrency .
Thus we can say that Cryptojacking is illegal to use someone else’s processor to pit for
cryptocurrency. Coin mining malware attack increases by 29%.
Hence, hackers do this by both getting the victim to agree on a malicious link in an email that
obtains crypto mining code on the computer or by poisoning a website or online ad with JavaScript
language that auto-executes once stored in the victim’s browser.
You can prevent Cryptojacking by installing an ad-blocking or anti-crypto mining extensions on your
web browsers.
Moreover, you should use endpoint security that is proficient in identifying known crypto miners and
also keep your web filtering devices up to date and, at last, maintain browser expansions.
5 . S P Y W AR E
Then we have Spyware on our list. It is accurately what you would imagine this
malware intended to spy on and all collect information about the user.
Moreover, it can be practiced to follow and monitor internet activity, find and obtain delicate information,
and log keystrokes.
Thus if your system grows affected with spyware, then the hacker can gain all the information, payment card
information, and the customer profiles of the companies.
This liberated activity and information can be exchanged or utilized to harm the affected user.
•There is a pop-up window that can incorporate spyware just by agreeing on the link or window, or by
unintentionally installing spyware to the computer.
•Thus by withdrawing these links can stop an accidental download.
After that, we will discuss ransomware, it is a type of malware that can stop
users from being able to log into their PC or to have access to their data. It can
also delete or distribute data if a payment is not forthcoming.
Thus it restricts a user from introducing to a file within encryption. But, hold on, let me clarify one most important
thing if you are thinking that once the demanded amount is paid your PC will be unlocked, then you are totally
wrong, as there is no guarantee after funding the desired ransom will restore your system and the data.
According to the McAfee Labs report, ransomware grows 118% in the year 2019. The ransomware attacks keep on
Most ransomware today falls under two categories:•Locker ransomware – It reduces the entrance to the computer or affected device.
•Crypto ransomware – It simply restricts access to files and collecting data.
Although malware is continuously growing, therefore, there are simple stretches of ransomware that have been
recognized and classified, including Cerber, CTB-Locker, TeslaCrypt, and CryptoWall.
An affected system cannot negotiate data that has remained backed up offline. Therefore, users who encounter a
ransomware attack will have a whole unharmed backup of their files, and will not be required to pay the ransom to
gain access to their data.
• Next, we will discuss about Malvertising, it
is a grip of the malicious advertising, and it
is the use of advertising to develop
• It usually includes implanting malicious or
malware-laden advertisements into
authentic advertising networks and
Thus advertising is a great way to expand malware because the meaningful effort is put into ads to
create them attractive for the users to sell or advertise commodities.
Moreover, Malvertising gain profits from the reliability of the sites it is located on, just like as highprofile and popular news websites.
You can prevent this malware by Security researchers because it advises installing antivirus tools so
that you can keep all software updated from time to time, consisting of the operating system,
browsers, Java, and Adobe Flash.
Moreover, you can achieve more effective protection just by avoiding the use of Flash and Java
• Next, we have Backdoor, it is a secret method of circumventing standard
authentication or encryption in a computer system, embedded device, or
other parts of a computer.
Backdoors are usually used to achieve remote access to a computer or obtain access to encrypted files.
However, it can be utilized to gain access to, fraudulent, delete, or give sensitive data.
Backdoors can take the form of a private part of your program, for example, trojan horse, an individual
program, or code in firmware and working systems, hence, backdoors is widely known.
For preventing this malware, you must install a compelling antivirus with top-notch malware exposure and
blocking abilities, for example, a firewall and a network monitoring tool.
• After that, we will discuss
about Rootkit, a combination
of malware that is designed to
give unlawful access to a
computer or area of its
software and usually masks its
existence or the occurrence of
other software.
Moreover, Rootkit establishment can be automated, or the antagonist can advance it with official
Rootkit relocation can be complicated or nearly impossible, particularly when rootkits remain in the
kernel, thus firmware rootkits may need hardware replacement or specific equipment.
The best way to prevent Rootkits is to avoid it to prevent from being installed in the first place.
At last, we will discuss the bots and botnets, it is basically a computer that is
contaminated with malware that enables it to be remotely managed by an
The bot can be used to launch more cyber attacks or convert to a botnet that is a collection of bots.
Therefore, botnets are a conventional method for dispersed denial of service that is DDoS attacks,
growing ransomware, keylogging, and increasing other types of malware.
There are several things to consider such as Anti-Botnet tools, Software patches, Network
monitoring, and user awareness.
Identifying Suspicious
Rootkits and Trojan
CD Bradley
Identifying Suspicious processes Exercise
It is not always an option to rely on antiviruses and antispyware
software. You need to know how to detect and remove
unsolicited programs by yourself If you suspect your computer is
running malware, you should:
• Disconnect it from the network
• Identify suspicious processes and drivers
• Stop the unwanted programs
• Block the unwanted programs from running automatically at
system start
• Find and delete program files and registry entries made by
the programs
• Restart the computer and repeat steps 2 to 5 Process Explorer
may be helpful in identifying malware
Identifying Suspicious processes Exercise:
An infected computer runs between 20-40 programmes on
average and try to prevent each others removal
When you’re on a lookout for unwanted programs, pay
attention to processes that:
• Lack an icon or have an icon belonging to a different,
popular program, Lack a description, Lack a vendor name
• Have files that present themselves as Microsoft’s, but don’t
have the right signature , Have files stored in the Windows
• Are compressed or packaged, Have files that contain
suspicious strings or URLs, Wait for network connections or
exchange data using networks
• Hide behind the Svchost.exe or Rundll32.exe processes
Identifying the
Process Explorer
Removing malware
Removing a malicious program starts with stopping it
Malicious programs monitor each other’s processes and if
they detect one has been stopped, another process will
start it again
Many unwanted programs modify also other running
processes so that they will restart them if they are stopped
Rather than stop a process, you should suspend it
When you detect and stop the processes of malicious
programs, you need to prevent them from starting
Removing malware
The Msconfig system tool does not monitor all paths, and that is
why you need another Sysinternals Suite program, Autoruns, to
block unwanted software
The last step in the removal procedure is detecting and deleting
the programs from the disk and system registry If you cannot
delete the unwanted file:
• Use Process Explorer to identify and stop the process related to
this file and try to delete it again
• If that doesn’t work (the file may be protected by a driver or
system process) try to change its name or extension. If this works,
when you restart the computer you will be able to delete the file
• If it doesn’t work, delete the file using MoveFile
detecting rootkits
A rootkit is a program designed to cloak itself or other objects
from users and system administrators
Rootkits may be used to hide:
•Malware or attacks
•Internal system mechanisms
•Additional services/ programs
• Selected files, folders,
• registry keys,
• network connections,
• user accounts, drivers, etc
Rootkit Remover- Bitdefender
Anti-Rootkit from MalwareBytes
Remediation and Removal
Remove any virus from your PC
with only 5 in built windows
Will kill the process, but what’s
the issue here?
The bad actor designed a malicious word document. He sent
the document via email with a description of “How to
prevent Corona-Virus”. When the victim opened it, a file got
downloaded in victim’s system by which attacker got a
remote shell connection/ RAT. Now victim suspects that he
has been hacked.
Can he trace and remove the malware from his system?
 Netstat : Displays all remote IPs that are connected with my
PC and used port status. It also shows the corresponding
protocol and process ID by which the remote connection is
 Tasklist: Displays information about currently running process
in my PC including: process name, PID, memory taken etc.
 Wmic: Awesome tool; it gives us numerous info about my PC
like OS info, file system info, running process info etc. This is
depreciated, use powershell <Get CimInstance> then
<ClassName Win32_PhysicalMemory | Select-Objectcapacity>
 Taskkill: Used for stopping any process in command line
 Findstr: Find any specific string from input taken; used here
for filtering output.
Web Sites