How to check for an infected network and Clean up the mess
After helping a few schools recently I thought I would share an article that I passed along to them.
I recommended that they take a sample of their network; 5% of their computer systems picked at random from all segments of their network. I was assuming they are not running a flat network and they are actually using VLANS.
Here are the things they suggested to look for -- & I am including some of the utilities that I use to discover and remediate an infected machine(s):
Up-to-date antimalware scanner (with a definition file no older than 24 hours) that is configured for constant detection – I like Avira Free AntiVirus http://tiny.cc/funrbx and it has portable version Another free option for home users http://www.forticlient.com/
Up-to-date software and patches (no more than a week old)
Check security logs for abnormal events
Check all autostarting software and research any unknown software found – I like Autoruns http://tiny.cc/fenrbx or Starter http://tiny.cc/jjorbx
Review network traffic flows (in Windows you can do netstat -ano) looking for unusual activity
Check all installed software and make sure everything is legitimate and needed
Peruse folders and directories for rogue software or files -- I Like SlimCleaner http://tiny.cc/ninrbx and Ccleaner http://tiny.cc/ahnrbx both can have portable versions
Look for files and folders with excessive permissions --ShareEnum http://tiny.cc/aqmrbx is a great quick tool.
Check the TCP/IP configuration and hosts file for rogue entries
Monitor net flows and look for strange or unusual network traffic flows – I like solarwinds netflow http://tiny.cc/8morbx
Article Taken from http://tiny.cc/r0nrbx