How to Check for an Infected Network and Clean Up the Mess

February 26, 2014

After helping a few schools recently, I thought I would share an article that I passed along to them.


I recommended that they take a sample of their network: 5% of their computer systems, picked at random from all segments of their network. I was assuming they are not running a flat network and are actually using VLANs.


Here are the things they suggested to look for, and I am including some of the utilities that I use to discover and remediate infected machines:


Up-to-date antimalware scanner (with a definition file no older than 24 hours) that is configured for constant detection – I like Avira Free AntiVirus, and it has a portable version. Another free option for home users


Up-to-date software and patches (no more than a week old)


Check security logs for abnormal events


Check all autostarting software and research any unknown software found – I like Autoruns or Starter


Review network traffic flows (in Windows you can do netstat -ano) looking for unusual activity


Check all installed software and make sure everything is legitimate and needed


Peruse folders and directories for rogue software or files – I like SlimCleaner and CCleaner; both can have portable versions


Look for files and folders with excessive permissions – ShareEnum is a great quick tool.


Check the TCP/IP configuration and hosts file for rogue entries


Monitor net flows and look for strange or unusual network traffic flows – I like SolarWinds NetFlow
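An added example, not from the original article: the Python below parses saved `netstat -ano` output from a sampled machine and lists, per PID, the ports listening on all interfaces and the established connections to addresses outside the internal ranges. The sample output, the `INTERNAL` range list and the function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict
# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2044
  TCP    192.168.10.25:49701    192.168.10.5:445       ESTABLISHED     4
  TCP    192.168.10.25:49712    203.0.113.45:8080      ESTABLISHED     4120
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1804
"""

# Assumption: these ranges count as "internal"; adjust to the site's addressing plan.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6%scope]:port' into (host, port) strings."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port

def is_internal(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:          # e.g. '*' in the foreign column of UDP rows
        return False
    return any(addr in net for net in INTERNAL)

def triage(text):
    """Per PID: ports listening on all interfaces and established external peers."""
    report = defaultdict(lambda: {"exposed_ports": set(), "external_peers": set()})
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue            # banner, header and blank lines
        (lhost, lport), (rhost, rport) = split_endpoint(f[1]), split_endpoint(f[2])
        state, pid = (f[3] if len(f) == 5 else ""), int(f[-1])  # UDP has no State
        if state == "LISTENING" and lhost in ("0.0.0.0", "::"):
            report[pid]["exposed_ports"].add(int(lport))
        elif state == "ESTABLISHED" and not is_internal(rhost):
            report[pid]["external_peers"].add(f"{rhost}:{rport}")
    return dict(report)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Each PID in the result can then be matched to a process name in Task Manager or `tasklist` and researched the same way as an unknown autostart entry.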



Article Taken from

