Suspecting That There Is Malware on Your Windows Device?

It is easy to say that we are going to detect malware, but it is not as easy as it sounds or as it reads. One of the toughest things to do is to figure out that you actually have malware. Some people have more instinct and experience than others for smelling those tiny, annoying and destructive hacking programs and malicious code. I will try to guide you to detect some of it (not all; nobody can claim to find all malware) based on my own experience.

First, who creates malware? (From Kaspersky.com)

Malware is created by a wide range of people such as vandals, swindlers, blackmailers, and other criminals. While the overwhelming majority of malicious programs are designed to make money illegally, the motives behind creating malware can range widely from pranks and activism, to cyber theft, espionage, and other serious crimes. If you’re mystified as to why someone would want to put so much effort into attacking your computer or your mobile device, let’s take a moment to consider the type of people that become malware creators… and how they benefit from creating malware.

Source : https://www.kaspersky.com/resource-center/threats/who-creates-malware


If you think you have malware on your Windows computer, follow these steps (they might be helpful in your case).

1- Malwarebytes and Kaspersky Free:

Download Malwarebytes and Kaspersky Free from the internet.

After downloading and installing, run a deep scan with Malwarebytes and check whether you are infected or whether any files have been quarantined automatically.

Run a full scan with Kaspersky Free and check whether you are infected or whether any files have been quarantined automatically. Perform the recommended actions for both Malwarebytes and Kaspersky, then reboot the system.


2- Check Startup & Processes

Windows 7: press Windows+R, type msconfig in the Run dialog, and go to the Startup tab.

Windows 8, 8.1, 10: right-click the taskbar, open Task Manager, and open the Startup tab.

Look for anything that boots with the PC and is unfamiliar, even if it is labeled as Microsoft, Office or Windows something.

For processes, go to Task Manager and, in the Processes tab, check for anything unfamiliar or suspicious. Google the process name to see whether it belongs to something you are using or have installed, and whether it has a bad reputation. For example, for a process named "explorer.exe":

I go to Google and type: what is explorer.exe in my processes. Based on the reports there, I check whether my doubt is justified or whether I am just paranoid because of poor performance or actions taken on my behalf that gave me that weird malware-attack feeling. It depends on what I did in the last days or hours.
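As an added example (not part of the original post), here is a PowerShell script that does the same startup and process review from the command line: it lists the Run/RunOnce registry values and Startup folder entries, then lists the distinct executables behind running processes with their Authenticode signature status, so that unsigned binaries or binaries outside the Windows folder stand out for a closer look. The set of registry keys checked and the report layout are my own choices, not something the post prescribes.

```powershell
# Added example: inventory autostart entries and running executables.
# Run from an elevated PowerShell prompt so that every process reports a path.

function Get-AutostartEntry {
    # Classic Run / RunOnce keys for the machine and the current user.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $values = Get-ItemProperty -Path $key
        foreach ($prop in $values.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... bookkeeping properties PowerShell adds.
            if ($prop.Name -like 'PS*') { continue }
            [PSCustomObject]@{ Source = $key; Name = $prop.Name; Command = $prop.Value }
        }
    }

    # Startup folders for the current user and for all users.
    $startupFolders = @(
        "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
        "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
    )
    foreach ($folder in $startupFolders) {
        Get-ChildItem -Path $folder -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [PSCustomObject]@{ Source = $folder; Name = $_.Name; Command = $_.FullName }
            }
    }
}

function Get-ProcessSignatureReport {
    # One row per distinct executable image that is currently running.
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.ExecutablePath } |
        Sort-Object -Property ExecutablePath -Unique |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.ExecutablePath -ErrorAction SilentlyContinue
            [PSCustomObject]@{
                Name      = $_.Name
                Path      = $_.ExecutablePath
                Signature = if ($sig) { $sig.Status } else { 'Unknown' }
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                InWindows = $_.ExecutablePath -like "$env:SystemRoot\*"
            }
        }
}

# Review the full lists first, then narrow down to the items most worth a second look.
Get-AutostartEntry | Format-Table -AutoSize
Get-ProcessSignatureReport |
    Where-Object { $_.Signature -ne 'Valid' -or -not $_.InWindows } |
    Format-Table -AutoSize
```

The narrowed list is a triage aid, not a verdict: plenty of legitimate software is unsigned or lives under Program Files, and some malware carries a valid signature. Use the Path and Signer columns together with the Google check described above before deciding anything about an entry.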


3- Press Windows+R and type: %appdata%

This command takes you to your Roaming folder at %USERPROFILE%\AppData\Roaming.

In this step and the later steps, keep these settings while you are searching for the potentially malicious file.

Open Explorer in any folder: View, Options, Change folder and search options, View tab (in Windows 7: Tools, Options, View tab).

Check "Show hidden files, folders and drives".

Uncheck these four:

"Hide empty drives"

"Hide extensions for known file types"

"Hide folder merge conflicts"

"Hide protected operating system files (Recommended)"

Check for hidden files in there with weird, suspicious names and scan those files with both AVs.

Then start searching the rest of the PC for weird files and things that seem tricky.


4- Online Scanning Tools

Upload every file you suspect of being malicious to an online antivirus scanning service like VirusTotal (https://www.virustotal.com) or any other; this is the one I have tried and it worked perfectly.


After you are done with step #4:

To be sure the malware you are looking for, or suspect, is not sending logs and other data to the attacker, turn off your internet connection and work offline.
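Steps 3 and 4 can be combined in one script. As an added example (not part of the original post), the PowerShell below walks the Roaming, Local and Temp profile folders with hidden files included, flags files that are hidden or that are executable-type files modified recently, and computes each one's SHA-256 so you can check the hash on VirusTotal first and only upload files that have never been seen there. The folder list, the extension list and the 14-day window are my own assumptions.

```powershell
# Added example: enumerate hidden and recently changed files in the profile folders
# and hash them, so each one can be looked up on VirusTotal by hash before uploading.

function Get-SuspectProfileFile {
    param(
        # Folders malware commonly drops files into; %APPDATA% is the one step 3 opens.
        [string[]]$Root = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP),
        # Only flag executable-type files modified within this many days.
        [int]$Days = 14
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    $riskyExt = '.exe', '.dll', '.scr', '.vbs', '.js', '.jse', '.ps1', '.bat', '.cmd', '.hta', '.lnk'

    foreach ($r in $Root) {
        # -Force includes hidden and system files, which Explorer hides by default.
        Get-ChildItem -Path $r -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object {
                $isHidden = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                $isRecentRisky = ($riskyExt -contains $_.Extension.ToLower()) -and ($_.LastWriteTime -gt $cutoff)
                $isHidden -or $isRecentRisky
            } |
            ForEach-Object {
                $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                [PSCustomObject]@{
                    Path       = $_.FullName
                    Hidden     = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                    LastWrite  = $_.LastWriteTime
                    SHA256     = $hash
                    # VirusTotal's report page for a file is addressed by its SHA-256.
                    VirusTotal = if ($hash) { "https://www.virustotal.com/gui/file/$hash" } else { '' }
                }
            }
    }
}

# Save the list for review; open the VirusTotal link for any file you do not recognise.
$report = "$env:USERPROFILE\Desktop\suspect-files.csv"
Get-SuspectProfileFile | Sort-Object LastWrite -Descending | Export-Csv -Path $report -NoTypeInformation
Write-Host "Report written to $report"
```

Looking a file up by hash first has two advantages over uploading straight away: a file that VirusTotal already knows gives you a verdict without sharing anything, and a document or config file that may contain your own data never leaves the machine unless you decide it should.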


5- Protect Your Accounts and Privacy

Use another computer that is not connected to the infected one, neither by network nor by USB (flash drives or external HDDs), to change all your passwords (Gmail, Outlook, Yahoo, Facebook, all social media...). If you use your browser's password saving, check that list and change every password on it.

Activate two-factor authentication on all sites, receiving an SMS or Google Authenticator code before logging in to confirm it is you.

Log out of all other sessions on Google, Facebook and any other site that has this feature (Log out from all devices).

Review the login activity and the emails sent from your e-mail account(s).

Check your YouTube channel for new videos that were uploaded without your knowledge and report them to Google directly.

Inform everyone who received an email from you not to open it or click any link in it; they might get infected too.

Check your Google Drive, OneDrive, Dropbox or other cloud storage for changes or uploads you did not make.

Make sure you inform Google or Outlook about the incident so you do not lose your account because it was used in a way that is illegal or violates the community rules of some sites: uploads, mails sent from your account, suspicious searches, videos containing illegal content, etc.

After you have confirmed that you have malware, you should reinstall Windows, but make sure that you do step #5 first. Secure yourself and your accounts: set different email addresses for accessing those accounts and, if applicable, your phone number as well, so that you do not lose access to your accounts.


6- Conclusion

Learn your lesson: do not click on any suspicious link and do not download from untrusted or non-genuine sources, because malware and viruses are much more advanced than AV definition files and updates.

7- Keep Your Windows and AVs Updated and Stay Safe

Always update your OS, because Microsoft regularly sends patches, updates virus definitions and keeps your privacy safe.

Your antivirus should always stay updated so you have a strong protective wall against malicious code. AV definitions are usually updated automatically every 3-4 days, but it does no harm to check for yourself, for your own good and the safety of your privacy and files; then your online social life will be at minimal risk.

I hope I can help someone with this thread. Comment below if you have any suggestion or new method; maybe we can update it together for a better community.

EL-GEO Certified Malware Analysis


