How to: Investigate Virus Activities on Windows

Common signs of viruses:

- Unusual messages may appear on your screen.
- Decreased system performance.
- Missing data.
- Inability to access your hard drive.

Steps to identify the viruses:

1. Isolate/disconnect the machine from the network.
2. Check for and kill any unusual processes. Use Process Explorer, Task Manager, etc.
3. Check for and delete any new users added to the Administrators or Power Users groups.
4. Check for and delete any new unusual files created: files like .exe, .bat, .tmp, completely in hex code, etc., in folders like %SystemDrive%, %WinDir%\system32, %ProgramFiles%, %WinDir%\system32\Drivers, %SystemDrive%\Recycler, etc. Sort the files by date created or modified.
5. Check for and delete any extra keys created in the startup registry paths below. […]
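A read-only PowerShell pass over the group-membership and new-file checks in the steps above, added here as an example and not part of the original post. The seven-day look-back window, the hex-name pattern (one reading of "completely in hex code") and the top-level-only scan are assumptions; the script reports and deletes nothing.

```powershell
# Added example: report-only triage for the group and file checks.
$since = (Get-Date).AddDays(-7)      # assumed look-back window

# Members of the local groups the steps say to review.
foreach ($group in 'Administrators', 'Power Users') {
    Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
        Select-Object @{ n = 'Group'; e = { $group } }, Name, ObjectClass, PrincipalSource
}

# Folders named in the steps (top level only; folders that do not exist are skipped).
$folders = @(
    "$env:SystemDrive\",
    "$env:WinDir\System32",
    "$env:WinDir\System32\drivers",
    "$env:ProgramFiles",
    "$env:SystemDrive\Recycler"
)

$suspectExt = '.exe', '.bat', '.tmp'
# Assumption: "completely in hex code" means a file name made only of hex digits.
$hexName = '^[0-9a-fA-F]{8,}$'

$folders |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object {
        # -Force includes hidden and system files, which malware often sets.
        Get-ChildItem -LiteralPath $_ -File -Force -ErrorAction SilentlyContinue
    } |
    Where-Object {
        ($_.CreationTime -ge $since -or $_.LastWriteTime -ge $since) -and
        ($suspectExt -contains $_.Extension.ToLower() -or $_.BaseName -match $hexName)
    } |
    Sort-Object CreationTime -Descending |
    Select-Object CreationTime, LastWriteTime, Length, FullName |
    Format-Table -AutoSize
```

Run it from an elevated prompt so protected folders are readable, and save the output before removing anything so the evidence of what was found is preserved.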
