Freigeben über


Driver Manager & malware

Protecting yourself from malware can be difficult, especially when it comes to identifying malware in your environment. Malware has become stealthier, and there are so many elements to check for potential infection that you can sometimes overlook? malicious code without recognizing it.

So, how can you effectively find malware on your PC?

 

You can rely on antivirus and antispyware tools or use online scanners such as the OneCare scanner to find potential infections. But is this enough?

Besides relying on malware tools, can you see yourself using other tools to scan for malware?

Since several of the recent blog entries have been asking malware related questions, I thought it would be prudent to provide something you can take away with you this time around.

Recently I ran across a thread discussion about checking inactive devices in your 'device manager' as a possible way to identify installed rootkits.

I tested this theory by using a command-line version of device manager called DevCon, and found some interesting information , but unfortunately didn’t see anything suspicious to investigate.

If you’re interested in trying it yourself, you can do so by downloading DevCon from https://support.microsoft.com/default.aspx?scid=kb;EN-US;Q311272 .

To use the tool:

First dump your devices that are visible to a file.

devcon.exe find * >file1.txt

 

Then run the tool to list all files visible and hidden.

devcon.exe findall * >file2.txt

 

Compare the files.

fc file1.txt file2.txt

 

Since File compare is limited, I would recommend using a tool such as examdiff, which you can download from: https://www.prestosoft.com/ps.asp?page=edp_examdiff

 

Try it out, let me know if you find something interesting on a system.

Comments

  • Anonymous
    August 21, 2007
    Thanks to you posted this blog... It's a practical tool.