The best tool to check and delete malware when the exe is crypted and the AV can't remove it is Anvir Task Manager.
- What is a malware or virus?
It is a kind of program file that has a bad effect on the target machine.
- Kinds of malware?
1 – Virus
It corrupts the machine, makes the machine slow and changes the real settings.
To protect yourself from a virus you need to scan your USB with an antivirus when you plug it into your machine.
You must not download any file and execute it before you scan it with the AV and test it in a virtual machine.
The file must not use multiple processes in Process Explorer: if the real file is binded with a virus you will see 2
processes, the first one is the file and the second one is the virus, meaning that even if you see the real file executed on your
machine, note that the virus is injected as well (a Binder is a tool that fuses a real file with a virus).
You can also check the size of the file before downloading: if it is bigger than the real one, note that it is binded with a virus,
meaning size of file + size of virus, and you can know that it is fake.
Also you can compare the real file's MD5 with the fake file's MD5; if they are not the same it means the file was edited
by a binder or a reverse (a reverse injects a download-and-execute of the malware from a direct link, executed via cmd).
This reverse can be found in an exe or dll of your file, or in a doc, or in any kind of file.
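The size and MD5 checks described above, as an added example that is not part of the original notes. It constructs a fake "clean" file and a binded copy (the same bytes with a payload appended) in a temporary directory and reports when the downloaded file is bigger than, or hashes differently from, the publisher's real values; the file names and byte contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# Constructed sample: a "clean" file and the same file with a payload appended,
# which is the shape a binder produces (real file + virus in one exe).
CLEAN_BYTES = b"MZ" + b"\x00" * 1024      # fake executable body (constructed)
PAYLOAD_BYTES = b"\x90" * 512             # fake appended payload (constructed)

def md5_of_file(path, chunk_size=65536):
    """MD5 of a file, read in chunks so a big download does not fill memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def check_download(path, expected_md5, expected_size):
    """Compare a downloaded file with the publisher's real size and MD5.

    Returns a list of findings; an empty list means size and hash both match.
    """
    findings = []
    actual_size = os.path.getsize(path)
    if actual_size > expected_size:
        findings.append("%d bytes bigger than the real file (possible binder)"
                        % (actual_size - expected_size))
    elif actual_size < expected_size:
        findings.append("smaller than the real file (truncated or replaced)")
    actual_md5 = md5_of_file(path)
    if actual_md5 != expected_md5.lower():
        findings.append("MD5 %s does not match %s (file was edited)"
                        % (actual_md5, expected_md5))
    return findings

def demo():
    """Write the constructed clean and binded files and check both of them."""
    with tempfile.TemporaryDirectory() as d:
        clean = os.path.join(d, "setup.exe")
        binded = os.path.join(d, "setup2.exe")
        with open(clean, "wb") as f:
            f.write(CLEAN_BYTES)
        with open(binded, "wb") as f:
            f.write(CLEAN_BYTES + PAYLOAD_BYTES)
        # the publisher's real values, taken here from the clean file
        real_md5, real_size = md5_of_file(clean), len(CLEAN_BYTES)
        return (check_download(clean, real_md5, real_size),
                check_download(binded, real_md5, real_size))
```

Run `demo()` to see the clean file pass with no findings while the binded copy is flagged for both its extra 512 bytes and its changed MD5.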
2 – Worm
Its basic feature is spreading, to get the maximum number of machines infected; the ways of spreading are many.
Example: USB – LAN (local area network) – P2P like torrent – chat, like a chat bot: it auto-pastes a direct link to a malware
from the infected machine to all contacts on Skype, Facebook or Viber, and also by SMS if the target is Android.
If your USB is infected and inside the USB you have a shortcut from a worm, you must know that this shortcut tries to
redirect you to click on the worm and your file at the same time, meaning the USB tries to infect you.
After your machine is infected, for any new clean USB plugged into it, the worm tries to paste itself onto the clean USB
and creates a shortcut to make it ready to infect others.
Note that the shortcut is not the only method that exists to infect via USB; the second method is autorun.inf.
The autorun is a file inside the USB or CD that auto-executes an exe without the user clicking. This method was used
on Windows XP; from Windows 7 and up Microsoft stopped this method.
Another way used is a USB exploit without shortcut and without autorun, but injecting a worm via a reverse,
like the BadUSB method, the USB Rubber Ducky and other CVEs.
To protect yourself you need to scan the USB before plugging it in and update your Windows to the latest version to
fix this exploit CVE. About the USB Rubber Ducky: you will see a cmd pop up; go to VMware to test before using an unknown
device, and at the same time use Process Explorer.
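A check for the two USB infection patterns described above (a decoy shortcut next to the real folder, and an autorun.inf in the drive root), as an added example that is not from the original notes. It scans a directory given as the USB root and reports any autorun file and any .lnk whose name mirrors a real file or folder; the sample drive layout is constructed in a temporary directory, and the hidden-attribute trick the worm uses on the real folder is not checked because that attribute is Windows-only.

```python
import os
import tempfile

AUTORUN_NAMES = {"autorun.inf"}   # the XP-era auto-execute vector

def scan_usb_root(root):
    """Look in the root of a USB drive for the worm patterns above.

    Returns a list of (kind, name) findings:
      ("autorun", name)         an autorun file that would auto-execute an exe
      ("shortcut-decoy", name)  a .lnk whose name mirrors a real file or folder,
                                the worm's trick to get both clicked together
      ("shortcut", name)        any other .lnk sitting in the drive root
    """
    findings = []
    entries = os.listdir(root)
    # names (without extension) of everything that is not a shortcut
    stems = {os.path.splitext(e)[0].lower() for e in entries
             if not e.lower().endswith(".lnk")}
    for name in sorted(entries):
        low = name.lower()
        if low in AUTORUN_NAMES:
            findings.append(("autorun", name))
        elif low.endswith(".lnk"):
            stem = os.path.splitext(name)[0].lower()
            kind = "shortcut-decoy" if stem in stems else "shortcut"
            findings.append((kind, name))
    return findings

def demo():
    """Constructed sample drive: a real folder, a decoy shortcut, an autorun file."""
    with tempfile.TemporaryDirectory() as usb:
        os.mkdir(os.path.join(usb, "Photos"))                # the user's real folder
        open(os.path.join(usb, "Photos.lnk"), "w").close()   # decoy shortcut (worm)
        open(os.path.join(usb, "autorun.inf"), "w").close()  # autorun vector
        open(os.path.join(usb, "notes.txt"), "w").close()    # harmless file
        return scan_usb_root(usb)
```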
3 – Stealer
Its basic feature is to get all your stored passwords (browser, email, chat or files) and send them to the hacker, to his
email, a PHP panel or an FTP. It does not corrupt the machine but steals sensitive data.
To protect yourself from it you can try to disconnect yourself from the internet and then run the stealer server:
no data will be sent to the hacker. The stealer exits by itself after getting the passwords and sending them; unlike a worm or virus,
the stealer does not stay on the target machine, its job is to steal, send and kill itself.
If you check the processes you will see the file stays some time and after that kills itself because it finished its job.
If you cut the internet before you execute the stealer server, the stealer decrypts but does not send any data,
and after that kills its process.
4 – Ransomware
It is a bad method that hackers use to get money from the target: the malware encrypts all the target's files and
asks for money to decrypt the target machine's files.
To protect yourself from this attack you can go to Start menu > Accessories > System Restore in Windows,
then switch it to a date before your machine was corrupted.
5 – Trojan
It is a malware that uses a TCP or UDP connection to control a machine for bad things. The RAT is a tool
used to control a machine for legal things, but hackers use it for bad usage, so the hacker uses it to own a machine
without the user's knowledge. It lets the hacker spy, stay in the machine, get passwords, see processes,
download files and lots of other features, meaning the hacker owns the machine over the connection.
The weakness of the RAT is the startup: you can stop it by deleting it from startup (the startup brings the trojan back each
time you turn on the machine).
A good tool to delete a trojan from startup is a tool called Anvir Task Manager Free; you can check all the startup entries
and delete the trojan. The trojan uses the connection; without internet the trojan will never work. The trojan works
without internet in case the hacker is in your LAN network: in the malware's connections you will see that it tries to connect
to the hacker's machine at 192.168.x.x, that is for the LAN. In case the hacker is outside the network the trojan connects to the
external hacker IP, so most hackers use a VPN (virtual private network) or RDP (Remote Desktop) to protect their IP from being
tracked from the target machine.
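The connection check described above, as an added example that is not part of the original notes: it parses constructed lines in the shape of `netstat -ano` output (not real output) and, for each process, labels the remote side as loopback, LAN (192.168.x.x and the other RFC 1918 ranges) or external, which is how you would spot a process talking to a hacker's machine inside the network versus an outside IP. The PIDs and addresses are constructed; 203.0.113.9 is a documentation address standing in for an external IP.

```python
import ipaddress

# Constructed sample in the layout of "netstat -ano" on Windows (not real output).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.20:49712     192.168.1.50:4444      ESTABLISHED     3120
  TCP    192.168.1.20:49720     203.0.113.9:8080       ESTABLISHED     3120
  TCP    127.0.0.1:5000         127.0.0.1:49740        ESTABLISHED     988
"""

# RFC 1918 ranges: the page's "192.168.x.x" case plus the other two LAN blocks
LAN_NETS = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify_remote(ip_text):
    """Where does the remote side of a connection live?"""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in LAN_NETS):
        return "lan"
    return "external"

def parse_connections(text):
    """Turn netstat-style lines into dicts; header and malformed lines are skipped."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] not in ("TCP", "UDP"):
            continue
        proto, _local, foreign, state, pid = parts
        rip, _, rport = foreign.rpartition(":")
        conns.append({"proto": proto, "pid": int(pid), "remote_ip": rip,
                      "remote_port": int(rport), "state": state,
                      "where": classify_remote(rip)})
    return conns

def remote_summary(text):
    """pid -> sorted list of 'where ip:port' strings, to review process by process."""
    summary = {}
    for c in parse_connections(text):
        summary.setdefault(c["pid"], []).append(
            "%s %s:%d" % (c["where"], c["remote_ip"], c["remote_port"]))
    return {pid: sorted(v) for pid, v in summary.items()}
```

With the sample, `remote_summary(SAMPLE_NETSTAT)` shows PID 3120 with one LAN and one external remote, which is the pattern to investigate in a task manager.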
6 – Miner
Some hackers want to earn money, so they use malware: all the infected machines are miner slaves.
The basic resource this miner uses is the CPU: you will see that the target has a slow machine because the high CPU usage
is under the miner tool. Some other ways use ads links executed on lots of machines to get money from ads;
this link can be hidden or not.
Another way used is to auto-paste the hacker's wallet when the malware detects a BTC wallet or any other wallet.
The attack is used when the target machine tries to send money to another person: the sender copies the wallet of the receiver, and at this
moment the malware copies the hacker's wallet and replaces the receiver's wallet with it without the sender knowing, so after that the
sender sends the money to the hacker. To protect yourself from this attack you need to check the receiver's wallet each time you
send money to anyone. This attack can happen if your machine is infected; even if your machine is not infected, can this attack
happen?? Yes, if you use an RDP and there is a malware in this RDP: when you copy a wallet on your clean machine, the malware in the RDP detects it
and pastes the hacker's wallet from the RDP that you opened on your machine back to you.
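The "check the receiver's wallet each time" advice above as a paste guard, added here and not part of the original notes: before sending, it compares the address you intended to send to with whatever is about to be pasted, and tells a plain mismatch apart from a mismatch where the clipboard now holds a different, wallet-shaped string (the swap described above). The address-format check is a character-set and length check only, not a checksum validation, and both addresses are constructed fakes.

```python
import re

# Format checks only (legacy base58 "1..."/"3..." and bech32 "bc1..."); no checksum.
LEGACY_RE = re.compile(r"^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$")
BECH32_RE = re.compile(r"^bc1[ac-hj-np-z02-9]{11,71}$")

# Constructed fake addresses for the demonstration (not real wallets).
RECEIVER_ADDR = "1RecvAddr" + "x" * 25        # what the user copied
SWAPPED_ADDR = "3AttkrAddr" + "y" * 24        # what a hijacker would paste instead

def looks_like_btc_address(text):
    """True when the string has the shape of a BTC address."""
    return bool(LEGACY_RE.match(text) or BECH32_RE.match(text))

def fingerprint(addr):
    """Short form (first 4 + last 4 chars) to compare against the receiver's invoice."""
    return addr[:4] + "..." + addr[-4:]

def paste_guard(intended, clipboard_text):
    """Decide whether the clipboard still holds the address you meant to send to.

    Returns (ok, reason). ok=False means: do not send, re-copy and re-check.
    """
    if clipboard_text == intended:
        return True, "clipboard matches the address you copied %s" % fingerprint(intended)
    if looks_like_btc_address(clipboard_text):
        return False, ("clipboard holds a DIFFERENT wallet %s instead of %s "
                       "(possible clipboard hijacker on this machine or the RDP)"
                       % (fingerprint(clipboard_text), fingerprint(intended)))
    return False, "clipboard no longer holds the address you copied"

def demo():
    """Constructed scenario: the copy was fine, then the clipboard was swapped."""
    return (paste_guard(RECEIVER_ADDR, RECEIVER_ADDR),
            paste_guard(RECEIVER_ADDR, SWAPPED_ADDR),
            paste_guard(RECEIVER_ADDR, "some unrelated text"))
```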
Note: this is basic information about malware and not all of it.