Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

how to detect rogue software on a pc

Posted on 2014-12-22
4
Medium Priority
?
141 Views
Last Modified: 2016-10-28
any recommendations to detect rogue software running on a pc?  was asked to check a pc for a software trying to snmp scan the network.

Running windows 7 enterprise 32 bit with McAfee antivirus
0
Comment
Question by:losgadas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 97

Expert Comment

by:John Hurst
ID: 40513895
1. Do a full scan with your own anti virus above and then scan with Malwarebytes (malwarebytes.org).

2. Keep Windows updated. They just issued another version of malicious software scanner.

3. Train your users not to click on bogus links (Free, I can help). NO USER is a hapless victim. Always remember this.
0
 
LVL 55

Expert Comment

by:Joe Winograd, EE MVE 2015&2016
ID: 40513923
I'll put a +1 on John's recommendation of Malwarebytes. Note that there's a free edition that will allow you to do a manual scan, but it does not provide real-time protection. In order to get real-time protection, you must purchase the Premium edition. Regards, Joe
0
 
LVL 9

Expert Comment

by:Trenton Knew
ID: 40513994
Malwarebytes, tdsskiller, hijackthis
0
 
LVL 26

Accepted Solution

by:
Fred Marshall earned 2000 total points
ID: 40514107
In view of your question, perhaps you're more interested in rather assuring that there are no "rogue" software things on a computer.  And this perhaps after you've tried to clean it up.  That's a rather common situation.  

But you did ask about an SNMP "scanner".   I don't know that these would show up as parasites.  For example, one could put the Paessler PRTG on a workstation and it would scan the network for devices.  I've never seen it show up as a parasite though.  So any workstation owner could probably do this.  
HOWEVER, it also requires to some degree that the other devices on the network are set up to respond and/or send messages.  
The common community string is "public".  So maybe one way to avoid effective SNMP data gathering by just anyone would be to make sure all the devices have a different community string set up on them.
Maybe add "SNMP" to the keywords, etc. on this question to get better response.

If the issue is a bit broader and the question really is about whether parasites are not present then:
1) No antivirus/antimalware scanner/remover is perfect.
2) Malwarebytes full scan is indeed a good starting point.  If it doesn't find anything then it's likely (most of the time) that there's nothing there.  You have to use judgment regarding this point.
3) Remove any installed programs that (with some experience) aren't "normal".  Conduit is associated with a wide variety of installed program names.  If you have much experience with this then, when in doubt, you're probably on the right track.  It can be better to be brutal than kind in this regard.  You might use
4) To be sure, you might also run HitManPro.
5) To be sure, you might also run RogueKiller.
6) Then, run ALL the web browsers over a number of site/page downloads and see if:
- the home page is what you expect.
- the new tab page is what you expect.
- the default search engine is what you expect.
- the pages resulting from a search and link click are what you expect.
7) To be sure, you might also run the ESET online scanner or Kaspersky's if you like.

So, it comes down to a combination of things that are obvious parasites and things that are intentional(?) installs but unwanted and, yet, appear to be benign.  The SNMP tools fall on the "good" side of the latter category so would be a special case I should think.
0
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question