How to check for an infected network and Clean up the mess

After helping a few schools recently I thought I would share an article that I passed along to them.

I recommended that they take a sample of their network; 5% of their computer systems picked at random from all segments of their network. I was assuming they are not running a flat network and they are actually using VLANS.

Here are the things they suggested to look for -- & I am including some of the utilities that I use to discover and remediate an infected machine(s):

Up-to-date antimalware scanner (with a definition file no older than 24 hours) that is configured for constant detection – I like Avira Free AntiVirus http://tiny.cc/funrbx and it has portable version Another free option for home users http://www.forticlient.com/

Up-to-date software and patches (no more than a week old)

Check security logs for abnormal events

Check all autostarting software and research any unknown software found – I like Autoruns http://tiny.cc/fenrbx or Starter http://tiny.cc/jjorbx

Review network traffic flows (in Windows you can do netstat -ano) looking for unusual activity

Check all installed software and make sure everything is legitimate and needed

Peruse folders and directories for rogue software or files -- I Like SlimCleaner http://tiny.cc/ninrbx and Ccleaner http://tiny.cc/ahnrbx both can have portable versions

Look for files and folders with excessive permissions --ShareEnum http://tiny.cc/aqmrbx is a great quick tool.

Check the TCP/IP configuration and hosts file for rogue entries

Monitor net flows and look for strange or unusual network traffic flows – I like solarwinds netflow http://tiny.cc/8morbx

Article Taken from http://tiny.cc/r0nrbx

Featured Posts
Recent Posts