Malware
Herman Martin, 2018-11-22 13:51:20

How to find malware that has recently entered the system?

The system is Windows 7. I have not used any antivirus for about 5 years. To keep an eye on the system I use the Sysinternals utilities and some other standard and not-so-standard programs. Sometimes I download X Internet Security (X is an arbitrary antivirus vendor), do a full database update and a full scan, and then delete it.

So today I turn on the computer and immediately see 50% processor load. I look and see that it is ctfmon.exe that is causing it. I think it's fine, it will finish soon. But no: I wait another 20 seconds and nothing goes away. This kind of load from that process usually means it is not working properly. I end the process and literally 2-3 seconds later another process appears, also at 50% load; I end it and get one more new process with the same load. By fighting these randomly starting processes, I found the following:

- Processes are created automatically with the names ctfmon.exe, SearchIndexer.exe, wuaclt.exe, dwm.exe, dwmHost.exe and others; names like SearchIndexer and dwm get new letters appended on the right before they start, i.e. the process name is generated dynamically.
- Each one is at 50% load.
- In addition, if you try to quickly kill them all, conhost.exe and taskhost.exe get launched as well. That happened many times, and I killed them. By killing only the process that is producing the 50% load, you can get the others down to almost 0 load. If you try to kill all of them, processes producing 50% load will inevitably keep popping up.

So far I have only gone through this case with AVZ, and I did not find anything. A question to the experts: how do I investigate the system and find the culprit?
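An added example (not from the question or the answer) of the kind of triage the question asks for: Python over a constructed process listing, flagging names that extend a real system binary name with extra characters (the SearchIndexer/dwm + suffix pattern described above) or real names running from outside the system directories, then pointing at the common parent to examine first. The known-name set and directory list are assumptions about a default Windows 7 install, and the listing is constructed sample data, not output from the asker's machine.

```python
from collections import Counter

# Names are those from the question; the directory list assumes a default Windows 7 install.
KNOWN_SYSTEM_BINARIES = {"ctfmon.exe", "searchindexer.exe", "wuauclt.exe", "dwm.exe",
                         "conhost.exe", "taskhost.exe", "svchost.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def mimicked_binary(name):
    """System binary whose name `name` extends with extra characters, else None."""
    n = name.lower()
    stem = n[:-4] if n.endswith(".exe") else n
    for known in KNOWN_SYSTEM_BINARIES:
        kstem = known[:-4]
        if stem.startswith(kstem) and stem != kstem:
            return known
    return None


def triage(processes):
    """Return [(pid, name, reasons)] for processes failing the name/path checks."""
    flagged = []
    for p in processes:
        name, path, reasons = p["name"].lower(), p["path"].lower(), []
        mimic = mimicked_binary(name)
        if mimic:
            reasons.append(f"name mimics {mimic}")
        elif name in KNOWN_SYSTEM_BINARIES and not path.startswith(SYSTEM_DIRS):
            reasons.append("system binary name running outside system directories")
        if reasons and p["cpu"] >= 40.0:  # CPU alone is not decisive: a legitimate svchost spikes too
            reasons.append(f"sustained cpu {p['cpu']:.0f}%")
        if reasons:
            flagged.append((p["pid"], p["name"], reasons))
    return flagged


def likely_spawner(processes, flagged):
    """PID that parents the most flagged processes: the respawner to inspect first."""
    parent_of = {p["pid"]: p["parent"] for p in processes}
    counts = Counter(parent_of[pid] for pid, _, _ in flagged)
    return counts.most_common(1)[0][0] if counts else None


# Constructed listing in the shape of a Process Explorer / tasklist export (pid, parent pid, name, image path, cpu %).
SAMPLE_PROCESSES = [
    {"pid": 880, "parent": 600, "name": "svchost.exe", "path": "C:\\Windows\\System32\\svchost.exe", "cpu": 0.2},
    {"pid": 2244, "parent": 1160, "name": "svchost.exe", "path": "C:\\ProgramData\\svchost.exe", "cpu": 0.4},
    {"pid": 5312, "parent": 2244, "name": "SearchIndexerq.exe", "path": "C:\\Users\\u\\AppData\\Local\\Temp\\SearchIndexerq.exe", "cpu": 50.0},
    {"pid": 5340, "parent": 2244, "name": "dwmHost.exe", "path": "C:\\Users\\u\\AppData\\Roaming\\dwmHost.exe", "cpu": 49.8},
    {"pid": 5360, "parent": 880, "name": "ctfmon.exe", "path": "C:\\Windows\\System32\\ctfmon.exe", "cpu": 0.1},
]
```

On the constructed data the two renamed processes and the svchost.exe copy in ProgramData are flagged, and the ProgramData copy is reported as the parent to look at first, since it spawned the other two.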


1 answer(s)
Alexander, 2018-11-22
@NeiroNx

There are 100,500 places to hide it. I would reinstall the system; it's more reliable.
