10 anti malware programs


Copyright © 2009 CNET Networks, Inc., a CBS Company. All rights reserved. TechRepublic is a registered trademark of CNET Networks, Inc

For more downloads and a free TechRepublic membership, please visit http://techrepublic.com.com/2001-6240-0.html

Version 1.0

October 1, 2009

10 more ways to detect computer malware

By Michael Kassner

After writing 10 ways to detect computer malware, I received messages from members wondering why I didn't include various other anti-malware programs. I was hoping that would happen, simply because of the many applications I am not aware of. Once I did some due diligence, I compiled the following list of additional programs.

Avira AntiVir

When they learned that my antivirus program is Avast!, several members mentioned I should give Avira AntiVir a try. According to trusted reviews, AntiVir scores well on malware-locating tests. It also rates high on prompt delivery of new signature files. Both are important, with the proliferation of zero-day malware, making AntiVir a good choice.

Emsi a-squared

Emsi a-squared is another member favorite. I now understand why. The anti-malware scanner was reviewed favorably in respected third-party surveys. All of the reports mentioned a-squared's user interface and fast scan times as valuable features. Note: The free version of a-squared is only a scanner, so additional real-time protection is needed.

Microsoft Security Essentials

Security Essentials needs to be mentioned, even though it hasn't been released yet. I couldn't test it because I missed the beta cutoff. But a CIO friend of mine is running tests and likes it. Her only issue is the slow scan rate.

She also commented, "It's about time Microsoft offered an antivirus application." Her opinion makes sense. Having a built-in AV simplifies things and should eliminate problems like Windows Firewall did. There are plenty of rumors as to when Security Essentials will be released, all pointing to sometime in the fourth quarter of 2009.

Microsoft Event Viewer

While I'm on Microsoft, I want to mention Microsoft's built-in Event Viewer. It should be the first place to look if something appears to be wrong. If an error shows up, double-click it and look at event properties to see what happened. If that's not enough of an answer, check Randy Franklin Smith's Ultimate Windows Security Web site for more detailed explanations.

X-RayPC

X-RayPC is a diagnostic tool similar to HijackThis. X-RayPC's developers admit they like HijackThis and incorporated many of the same features. To enhance X-RayPC, they added a triage service. The service checks scan results against SpywareGuide, an online database. X-RayPC then reports back whether the file is known, unknown, or suspicious. This allows the user to make an informed decision before removing questionable files.


Note: I debated whether to include both SystemLookup and VirusTotal, because of their similarity. But SystemLookup represents the opinions of independent experts and VirusTotal represents the views of anti-malware companies. That difference convinced me each has its place.

SystemLookup.com

If you want more information about a certain process or file, SystemLookup.com is the place to go. Type the filename or CLSID into the search box, and an answer should appear. As of today, the site's database contains more than 85,000 items, all verified by an independent community of anti-malware experts.

VirusTotal

VirusTotal is the go-to Web site if you have any apprehension about a file/program already on the computer or if you want to load unknown software on it. In either case, it's simple to find more information.

Upload the file to the VirusTotal Web site. After a few seconds, a detailed report will display. If one or more of the
32 anti-malware companies has an issue with the file, their comments will show up in red.

Third-party firewalls

I mentioned earlier that Windows Firewall was a welcome addition. Still, it's limited in its functionality. That's why I
consider third-party software firewalls necessary, especially if the computer travels.

Most firewall applications offer additional services. They act as program guards, determining what software exists
on a computer, learning what the software is doing, and preventing malware from altering application code.

There are many free firewall applications. I hope members will mention their favorites and why. I currently use Online Armor.

Wireshark

When other options aren't working, using a network protocol analyzer like Wireshark may be the only way to recognize the existence of malware. Wireshark lets you determine if any unexplained data traffic is being received or sent by the computer.

The best way to use Wireshark is to run a baseline scan, trapping all traffic to and from the computer. Later on, if
something appears suspicious, run another scan, comparing the results.
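
The baseline comparison described above can be scripted once each capture has been exported to text. The following is an added example, not part of the original article: it assumes each capture was exported as CSV rows of source address, source port, destination address, destination port and protocol, and the host address and sample rows are constructed.

```python
import csv
import io
from collections import Counter

LOCAL_HOST = "192.168.1.20"  # assumed address of the monitored computer

# Constructed sample exports (columns: src, sport, dst, dport, proto).
BASELINE = """\
192.168.1.20,50112,192.168.1.1,53,udp
192.168.1.1,53,192.168.1.20,50112,udp
192.168.1.20,50200,198.51.100.10,443,tcp
198.51.100.10,443,192.168.1.20,50200,tcp
"""
LATER = """\
192.168.1.20,51001,192.168.1.1,53,udp
192.168.1.20,51002,198.51.100.10,443,tcp
192.168.1.20,51003,203.0.113.77,8081,tcp
203.0.113.77,8081,192.168.1.20,51003,tcp
192.168.1.20,51004,203.0.113.77,8081,tcp
10.0.0.5,137,10.0.0.255,137,udp
"""

def summarize(capture_csv, local=LOCAL_HOST):
    """Count packets per (remote address, protocol, service port)."""
    flows = Counter()
    for src, sport, dst, dport, proto in csv.reader(io.StringIO(capture_csv)):
        if src == local:
            remote = dst
        elif dst == local:
            remote = src
        else:
            continue  # traffic that does not involve the monitored computer
        # Heuristic: the lower port number is the service port; the higher
        # one is an ephemeral client port that changes on every connection.
        service_port = min(int(sport), int(dport))
        flows[(remote, proto, service_port)] += 1
    return flows

def new_since_baseline(baseline_csv, later_csv):
    """Return flows in the later capture that the baseline never saw."""
    base, later = summarize(baseline_csv), summarize(later_csv)
    unseen = {key: n for key, n in later.items() if key not in base}
    return sorted(unseen.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for (remote, proto, port), packets in new_since_baseline(BASELINE, LATER):
        print(f"new: {remote} {proto}/{port} ({packets} packets)")
```

Anything the script reports is only a difference from the baseline; each new endpoint still has to be explained, since a software update or a newly installed program produces new flows too.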

Bleeping Computer's Combofix

Combofix is an efficient scanner capable of removing files designated as malware. It also allows you to create situation reports that can be used when seeking additional help. Combofix is one of those programs where you have to be careful about removing files. I recommend using it to create a baseline report when the computer is operating properly. That way, anything out of the ordinary will be obvious. Combofix comes highly recommended by several TechRepublic members.

Final thoughts

As before, if I have missed your favorite anti-malware application, please let me know. For additional information, check out the first article in this series, The 10 faces of computer malware.
