How to check for an infected network and clean up the mess

After helping a few schools recently I thought I would share an article that I passed along to them.

I recommended that they take a sample of their network: 5% of their computer systems, picked at random from all segments of the network. I was assuming they are not running a flat network and are actually using VLANs.

Here are the things they suggested to look for, and I am including some of the utilities that I use to discover and remediate an infected machine (or machines):

Up-to-date antimalware scanner (with a definition file no older than 24 hours) that is configured for constant, real-time detection – I like Avira Free AntiVirus, which also has a portable version; another free option exists for home users.

Up-to-date software and patches (no more than a week old)

Check security logs for abnormal events

Check all autostarting software and research any unknown software found – I like Autoruns or Starter

Review network traffic flows (in Windows you can run netstat -ano) and look for unusual activity

Check all installed software and make sure everything is legitimate and needed

Peruse folders and directories for rogue software or files – I like SlimCleaner and CCleaner; both have portable versions

Look for files and folders with excessive permissions – ShareEnum is a great quick tool.

Check the TCP/IP configuration and hosts file for rogue entries

Monitor NetFlow data and look for strange or unusual network traffic flows – I like SolarWinds NetFlow
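As an added example (not part of the original article or any of the tools it names), here is a small Python script that mechanises two of the checks above for a sampled Windows machine: reviewing the hosts file for rogue entries and reviewing saved netstat -ano output for sessions to external peers on unexpected ports. The sample hosts file and netstat listing are constructed, and INTERNAL and WEB_PORTS are assumed allowlists to be tuned to the site.

```python
"""Triage helpers: rogue hosts-file entries and unusual sessions in
`netstat -ano` output. All sample input is constructed, not captured."""
import ipaddress
import re
# Constructed hosts file: a vendor domain redirected and an AV site sinkholed.
SAMPLE_HOSTS = """# comment lines are ignored
127.0.0.1       localhost
::1             localhost
198.51.100.23   www.update.microsoft.com
0.0.0.0         avira.com
"""
# Constructed `netstat -ano` output in the format Windows prints it.
SAMPLE_NETSTAT = """  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    10.20.5.17:49700       203.0.113.45:6667      ESTABLISHED     4412
  TCP    10.20.5.17:49701       10.20.1.4:445          ESTABLISHED     4
  TCP    10.20.5.17:49702       203.0.113.80:443       ESTABLISHED     2208
  UDP    0.0.0.0:5355           *:*                                    1320
"""
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
WEB_PORTS = {80, 443}  # assumed egress allowlist; tune to the site's policy
NETSTAT_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$", re.M)
def rogue_hosts_entries(text):
    """Return (ip, name) pairs other than the standard loopback -> localhost lines."""
    rogue = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments and blank lines
        if fields:
            ip, names = fields[0], fields[1:]
            if not (ipaddress.ip_address(ip).is_loopback and names == ["localhost"]):
                rogue.extend((ip, n) for n in names)
    return rogue
def is_internal(host):
    """True for loopback/RFC1918 peers and for wildcard endpoints such as '*'."""
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return True
    return addr.is_loopback or any(addr in net for net in INTERNAL)
def suspicious_connections(text):
    """Flag ESTABLISHED sessions to external peers on ports outside WEB_PORTS;
    the returned PID is the handle for follow-up in Autoruns or Task Manager."""
    flagged = []
    for proto, local, foreign, state, pid in NETSTAT_RE.findall(text):
        host, _, port = foreign.rpartition(":")
        if state == "ESTABLISHED" and not is_internal(host) and int(port) not in WEB_PORTS:
            flagged.append((int(pid), host, int(port)))
    return flagged
```

On a real machine, feed the script the contents of C:\Windows\System32\drivers\etc\hosts and the saved output of netstat -ano instead of the constructed samples.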

