I'm writing this article to describe how to get very good protection, independent of whatever standard security you have adopted (I mean antivirus, firewall, antispyware), by detecting suspicious resident malware (trojans, worms, spyware, ...) on Windows systems (Windows 2000 and later in particular) through system analysis, thanks to some cool free tools!
The symptoms that could make you suspect them are:
– slow system (heavy use of resources)
– programs not working properly
– network activity that can't be attributed to any legitimate program
To analyze those elements with a first, fast, summary check-up (I call it manual heuristic identification!) we can use the tools built into Windows. First, with Windows Task Manager we can see all running processes and, with our "experience", spot whether there is something "bad", after excluding system processes and the programs/services we know we are running; as for performance, we can watch CPU and memory activity. Another useful tool is certainly MSCONFIG, where we can see what runs at startup. Network usage can be seen in Task Manager too: if there are no running programs that communicate over the internet, we should see zero activity.
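The same manual check can be scripted. The following is an added example, not code from the original article or from any of the tools it mentions: it parses the text output of the built-in `tasklist` and `netstat -ano` commands, compares the process list against a baseline of names you know to be legitimate, and reports any non-listening connection owned by a process outside that baseline (or by a PID that has no entry in the process list at all). The `tasklist`/`netstat` output and the `KNOWN_GOOD` baseline below are constructed sample data; on a real host you would paste in the actual command output and your own baseline.

```python
"""Triage of Windows process and network listings against a known-good baseline.

Added example: the sample `tasklist` and `netstat -ano` text below is constructed,
not captured from a real machine, and KNOWN_GOOD is an assumed baseline.
"""
import re
from typing import Dict, List, NamedTuple, Set

# Constructed sample of `tasklist` output (columns: image name, PID, session, session#, memory)
TASKLIST_OUTPUT = """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Services                   0          8 K
System                           4 Services                   0        132 K
csrss.exe                      512 Services                   0      2,104 K
winlogon.exe                   560 Console                    1      3,220 K
explorer.exe                  1320 Console                    1     28,544 K
svchost.exe                    884 Services                   0      5,412 K
updater32.exe                 2244 Console                    1     61,204 K
"""

# Constructed sample of `netstat -ano` output (TCP rows carry a state column, UDP rows do not)
NETSTAT_OUTPUT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.0.2.10:49201       198.51.100.7:443       ESTABLISHED     2244
  TCP    192.0.2.10:49202       203.0.113.5:6667       ESTABLISHED     2244
  UDP    0.0.0.0:500            *:*                                    884
"""

# Assumed baseline of image names the operator recognises as legitimate (lower-case)
KNOWN_GOOD: Set[str] = {
    "system idle process", "system", "csrss.exe", "winlogon.exe", "explorer.exe", "svchost.exe",
}


class Conn(NamedTuple):
    proto: str
    local: str
    foreign: str
    state: str  # empty for UDP, which is connectionless
    pid: int


def parse_tasklist(text: str) -> Dict[int, str]:
    """Map PID -> image name (lower-cased); header and separator lines do not match the row pattern."""
    row = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K$")
    procs: Dict[int, str] = {}
    for line in text.splitlines():
        m = row.match(line.strip())
        if m:
            procs[int(m.group(2))] = m.group(1).lower()
    return procs


def parse_netstat(text: str) -> List[Conn]:
    """Parse `netstat -ano` rows into Conn records, tolerating the missing State column on UDP rows."""
    conns: List[Conn] = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            conns.append(Conn(parts[0], parts[1], parts[2], parts[3], int(parts[4])))
        elif parts[0] == "UDP" and len(parts) == 4:
            conns.append(Conn(parts[0], parts[1], parts[2], "", int(parts[3])))
    return conns


def unknown_processes(procs: Dict[int, str], baseline: Set[str]) -> Dict[int, str]:
    """Processes whose image name is not in the operator's baseline."""
    return {pid: name for pid, name in procs.items() if name not in baseline}


def unexplained_connections(conns: List[Conn], procs: Dict[int, str], baseline: Set[str]) -> List[Conn]:
    """Actual traffic (not local listeners) owned by an unknown process or by a PID with no process entry."""
    out: List[Conn] = []
    for c in conns:
        if c.state == "LISTENING" or c.foreign in ("0.0.0.0:0", "*:*", "[::]:0"):
            continue  # a socket waiting for connections is not 'activity' in the article's sense
        owner = procs.get(c.pid)
        if owner is None or owner not in baseline:
            out.append(c)
    return out


def triage(tasklist_text: str, netstat_text: str, baseline: Set[str]) -> dict:
    """Run both checks and return the findings for display or assertion."""
    procs = parse_tasklist(tasklist_text)
    conns = parse_netstat(netstat_text)
    return {
        "unknown": unknown_processes(procs, baseline),
        "connections": unexplained_connections(conns, procs, baseline),
    }


if __name__ == "__main__":
    report = triage(TASKLIST_OUTPUT, NETSTAT_OUTPUT, KNOWN_GOOD)
    for pid, name in report["unknown"].items():
        print(f"unknown process: {name} (pid {pid})")
    for c in report["connections"]:
        print(f"unexplained {c.proto} {c.local} -> {c.foreign} {c.state} (pid {c.pid})")
```

On the constructed data the script reports one process outside the baseline and two established connections belonging to it; a baseline process with an outbound connection (Windows Update via svchost, say) would not be flagged, which is exactly why the baseline has to reflect what you know is running, not a generic list.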
With a series of free tools we can analyze the system in more depth:
Windows Task Manager Extension for 32 and 64 bit, as the name says, replaces/extends the standard Windows Task Manager: it monitors disk I/O usage, the network ports and IP addresses in use, etc.
Registry Prot is a standalone program that gives real-time Windows registry protection by monitoring changes to it.
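The change-detection idea behind a registry monitor like the one above, and behind checking MSCONFIG's startup list, is to take a snapshot of the autostart entries and compare it with a later one. The following is an added example, not Registry Prot's own code: it reads the Run/RunOnce keys through Python's standard `winreg` module when run on Windows (it returns an empty snapshot elsewhere), and diffs two snapshots to report added, removed and changed entries. The `BEFORE`/`AFTER` snapshots and the `updater32` entry are constructed sample data.

```python
"""Snapshot-and-diff of Windows autostart (Run/RunOnce) registry entries.

Added example, not code from Registry Prot: the BEFORE/AFTER snapshots below are constructed.
"""
from typing import Dict, List, Tuple

try:
    import winreg  # standard library on Windows only; the diff logic does not need it
except ImportError:  # non-Windows host: live snapshots are unavailable, diffing still works
    winreg = None

# Autostart locations to watch (the same ones MSCONFIG lists under Startup on older Windows)
RUN_KEYS = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
]

Snapshot = Dict[str, str]  # "HIVE\key path\value name" -> command line


def snapshot_run_keys() -> Snapshot:
    """Read the live Run/RunOnce values (Windows only; returns {} on other platforms)."""
    snap: Snapshot = {}
    if winreg is None:
        return snap
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    for hive_name, path in RUN_KEYS:
        try:
            key = winreg.OpenKey(hives[hive_name], path)
        except OSError:
            continue  # key absent (RunOnce often is) or not readable
        with key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:
                    break  # no more values under this key
                snap[f"{hive_name}\\{path}\\{name}"] = str(data)
                index += 1
    return snap


def diff_snapshots(before: Snapshot, after: Snapshot) -> Dict[str, List[Tuple[str, str, str]]]:
    """Return (entry, old command, new command) triples grouped as added / removed / changed."""
    added = [(k, "", after[k]) for k in sorted(after.keys() - before.keys())]
    removed = [(k, before[k], "") for k in sorted(before.keys() - after.keys())]
    changed = [(k, before[k], after[k])
               for k in sorted(before.keys() & after.keys()) if before[k] != after[k]]
    return {"added": added, "removed": removed, "changed": changed}


# Constructed snapshots standing in for two reads of the live keys some time apart
HKCU_RUN = r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
HKLM_RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
BEFORE: Snapshot = {
    HKLM_RUN + r"\VendorTray": r"C:\Program Files\Vendor\tray.exe",
    HKCU_RUN + r"\SyncClient": r'"C:\Program Files\SyncClient\sync.exe"',
}
AFTER: Snapshot = dict(BEFORE)
AFTER[HKCU_RUN + r"\SyncClient"] = r'"C:\Program Files\SyncClient\sync.exe" /background'
AFTER[HKCU_RUN + r"\updater32"] = r"C:\Users\alice\AppData\Roaming\updater32.exe"  # constructed new entry


if __name__ == "__main__":
    # On Windows you would call snapshot_run_keys() twice, some time apart, instead of using BEFORE/AFTER
    report = diff_snapshots(BEFORE, AFTER)
    for kind in ("added", "removed", "changed"):
        for entry, old, new in report[kind]:
            print(f"{kind:8} {entry}\n         old: {old!r}\n         new: {new!r}")
```

Saving a snapshot right after a clean install and re-running the diff whenever the system starts behaving oddly gives you the "what changed at startup" answer that MSCONFIG alone cannot, since MSCONFIG shows only the current state.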