
Spyware Detectors

 Nish
(@nish)
New Member
Joined: 16 years ago
Posts: 4
Topic starter  

Hi All

I need to run a test that detects spyware that is currently on a computer as well as detects traces of spyware when they have been deleted/removed.

Does anyone know of software that can do this or any other method that I can try?

Nish


   
 dean
(@dean)
Active Member
Joined: 17 years ago
Posts: 8
 

I too would be interested in this.


   
(@douglasbrush)
Prominent Member
Joined: 16 years ago
Posts: 812
 

For client use, as removal tools, I like

Spyware Terminator
HijackThis
ComboFix

Each will generate logs of what they find and can offer removal of sorts.

I usually have to do some registry edits and file deletions as well.

Process Explorer is great for seeing the running processes, particularly spyware.

However, if removal has been done in the past in a very thorough manner you would have to do a deeper investigation.


   
 Nish
(@nish)
New Member
Joined: 16 years ago
Posts: 4
Topic starter  

Any ideas on how to check if they have been removed using EnCase or any other tools?


   
(@brede)
Trusted Member
Joined: 20 years ago
Posts: 64
 

Hello Nish
You may try to use the free ESET SysInspector tool.

Also see this on searching for malware in running processes:

Presentation
http://www.mnin.org/video/malfind/malfind.html
Script
http://mnin.blogspot.com/2009/01/malfind-volatility-plug-in.html


   
(@douglasbrush)
Prominent Member
Joined: 16 years ago
Posts: 812
 

Any ideas on how to check if they have been removed using EnCase or any other tools?

Restore points I would think could offer you some insight that way.


   
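The two leads given in the replies above (removal tools write logs, and restore points may preserve earlier state) can be checked together on a read-only mounted image. This is an added example, not code from the thread or from any poster; the artifact file names, the XP-style restore point layout, and the function names are assumptions.

```python
import os
import re
import tempfile

# Assumed default artifact names for the tools named in the thread
# (not stated by the posters); extend for the tools relevant to your case.
TOOL_ARTIFACTS = {
    "combofix.txt": "ComboFix log",
    "qoobox": "ComboFix quarantine folder",
    "hijackthis.log": "HijackThis log",
}
RESTORE_DIR = re.compile(r"^_restore\{[0-9a-f-]+\}$", re.I)  # XP-style layout
RESTORE_POINT = re.compile(r"^RP(\d+)$", re.I)

def find_removal_traces(root):
    """Walk a read-only mounted image; return (tool_hits, restore_points)."""
    hits, restore_points = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            label = TOOL_ARTIFACTS.get(name.lower())
            if label:
                full = os.path.join(dirpath, name)
                hits.append((label, os.path.relpath(full, root)))
        if RESTORE_DIR.match(os.path.basename(dirpath)):
            rps = [d for d in dirnames if RESTORE_POINT.match(d)]
            for rp in sorted(rps, key=lambda d: int(d[2:])):
                snap = os.path.join(dirpath, rp, "snapshot")
                hives = sorted(os.listdir(snap)) if os.path.isdir(snap) else []
                restore_points.append((rp, hives))  # saved registry hive copies
    return sorted(hits), restore_points

def build_sample_tree(root):
    """Constructed sample layout standing in for a mounted image."""
    guid = "_restore{00000000-0000-0000-0000-000000000000}"
    for rp in ("RP2", "RP10"):
        snap = os.path.join(root, "System Volume Information", guid, rp, "snapshot")
        os.makedirs(snap)
        open(os.path.join(snap, "_REGISTRY_MACHINE_SOFTWARE"), "w").close()
    hjt = os.path.join(root, "Program Files", "HijackThis")
    os.makedirs(hjt)
    os.makedirs(os.path.join(root, "Qoobox", "Quarantine"))
    for path in (os.path.join(root, "ComboFix.txt"), os.path.join(hjt, "hijackthis.log")):
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for group in find_removal_traces(root):
            print(*group, sep="\n")
```

Point `find_removal_traces` at the mount point of a verified working copy; the hive copies listed for each restore point can then be compared against the current registry to see which entries were removed between snapshots.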
(@paul206)
Trusted Member
Joined: 17 years ago
Posts: 70
 

What are you analyzing? Is it an image in DD or E01, or do you have the original hard drive or a cloned copy of the original? If you have the hard drive, then start by scanning it with all the free online scanners, not to mention the usual ones like SpyBot, HijackThis, etc. If it is an image and not the hard drive, you will need to run it in a VM environment. Somewhere there is a free one, and if I run into it I will send it.


   
(@douglasbrush)
Prominent Member
Joined: 16 years ago
Posts: 812
 

Somewhere there is a free one and if I run into it I will send it.

Live View
http://liveview.sourceforge.net/


   
(@paul206)
Trusted Member
Joined: 17 years ago
Posts: 70
 

Many thanks to douglasbrush for the follow-up on Live View. I am thinking it will only run a DD image, and if you are in E01 you may need to spend some money for the software to run it. By the way, I left out the obvious disclaimer that you connect your hard drive to a write blocker so your spyware scanners will not automatically disinfect and destroy your evidence! Your hard drive should always be on a write blocker by default anyway, needless to say. I assume you have a case where the accused is saying "it's not my fault, I was infected."


   
(@seanmcl)
Honorable Member
Joined: 19 years ago
Posts: 700
 

Many thanks to douglasbrush for the follow up on Live View. I am thinking it will only run a DD image and if you are in E01 you may need to spend some money for the software to run it.

FTK Imager (free download) will convert E01 files to DD without a problem.


   