How to check for an infected network and clean up the mess

February 26, 2014

After helping a few schools recently, I thought I would share an article that I passed along to them.

 

I recommended that they take a sample of their network: 5% of their computer systems, picked at random from all segments of their network. I was assuming they are not running a flat network and are actually using VLANs.

 

Here are the things they suggested looking for, and I am including some of the utilities that I use to discover and remediate infected machines:

 

Up-to-date antimalware scanner (with a definition file no older than 24 hours) that is configured for constant detection. I like Avira Free AntiVirus http://tiny.cc/funrbx, and it has a portable version. Another free option for home users: http://www.forticlient.com/

 

Up-to-date software and patches (no more than a week old)

 

Check security logs for abnormal events

 

Check all autostarting software and research any unknown software found – I like Autoruns http://tiny.cc/fenrbx or Starter http://tiny.cc/jjorbx

 

Review network traffic flows (on Windows you can run netstat -ano), looking for unusual activity

 

Check all installed software and make sure everything is legitimate and needed

 

Peruse folders and directories for rogue software or files. I like SlimCleaner http://tiny.cc/ninrbx and CCleaner http://tiny.cc/ahnrbx; both are available as portable versions

 

Look for files and folders with excessive permissions. ShareEnum http://tiny.cc/aqmrbx is a great quick tool.

 

Check the TCP/IP configuration and hosts file for rogue entries

 

Monitor net flows and look for strange or unusual network traffic flows. I like SolarWinds NetFlow http://tiny.cc/8morbx
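
One way to triage the output of the netstat -ano step above on a sampled machine, as an added example that is not part of the original article: it parses the output and lists listeners and outbound connections worth a manual look. The sample output, PIDs, internal ranges and expected listener ports are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state pid")

# Constructed sample of `netstat -ano` output (made-up PIDs, documentation address).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       3120
  TCP    10.1.20.15:49712       10.1.1.5:445           ESTABLISHED     4
  TCP    10.1.20.15:49733       203.0.113.45:8080      ESTABLISHED     3120
  TCP    [::1]:49800            [::1]:5000             ESTABLISHED     2210
  UDP    0.0.0.0:5353           *:*                                    1480
"""

# Assumption: ranges treated as "inside"; replace with your own VLAN subnets.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(endpoint):
    """Split 'ip:port' or '[ipv6%zone]:port'; UDP's '*:*' yields ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], int(port) if port.isdigit() else None

def parse_netstat(text):
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0] in ("TCP", "UDP"):  # skips banner and column headers
            state = parts[3] if len(parts) == 5 else ""  # UDP rows carry no State
            conns.append(Conn(parts[0], *split_endpoint(parts[1]),
                              *split_endpoint(parts[2]), state, int(parts[-1])))
    return conns

def is_external(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # '*' in UDP rows
        return False
    return not addr.is_unspecified and not any(addr in n for n in INTERNAL)

def review(conns, expected_listeners):
    """Return (reason, Conn) pairs that deserve a manual look, not a verdict."""
    unexpected = [("unexpected listener", c) for c in conns
                  if c.state == "LISTENING" and c.local_port not in expected_listeners]
    outbound = [("external connection", c) for c in conns
                if c.state == "ESTABLISHED" and is_external(c.remote_ip)]
    return unexpected + outbound
```

On a live machine, pass the saved output of netstat -ano to parse_netstat and look up each flagged PID with tasklist /FI "PID eq <pid>" to see which program owns the connection.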

 

 

Article taken from http://tiny.cc/r0nrbx

 
