how to detect rogue software on a pc

Posted on 2014-12-22
Medium Priority
Last Modified: 2016-10-28
Any recommendations to detect rogue software running on a PC? Was asked to check a PC for software trying to SNMP scan the network.

Running Windows 7 Enterprise 32-bit with McAfee antivirus.
Question by:losgadas
LVL 99

Expert Comment

by:John Hurst
ID: 40513895
1. Do a full scan with your own anti virus above and then scan with Malwarebytes (malwarebytes.org).

2. Keep Windows updated. They just issued another version of malicious software scanner.

3. Train your users not to click on bogus links (Free, I can help). NO USER is a hapless victim. Always remember this.
LVL 56

Expert Comment

by:Joe Winograd, EE MVE 2015&2016
ID: 40513923
I'll put a +1 on John's recommendation of Malwarebytes. Note that there's a free edition that will allow you to do a manual scan, but it does not provide real-time protection. In order to get real-time protection, you must purchase the Premium edition. Regards, Joe

Expert Comment

by:Trenton Knew
ID: 40513994
Malwarebytes, TDSSKiller, HijackThis
LVL 26

Accepted Solution

Fred Marshall earned 2000 total points
ID: 40514107
In view of your question, perhaps you're more interested in rather assuring that there are no "rogue" software things on a computer.  And this perhaps after you've tried to clean it up.  That's a rather common situation.  

But you did ask about an SNMP "scanner".   I don't know that these would show up as parasites.  For example, one could put the Paessler PRTG on a workstation and it would scan the network for devices.  I've never seen it show up as a parasite though.  So any workstation owner could probably do this.  
HOWEVER, it also requires to some degree that the other devices on the network are set up to respond and/or send messages.  
The common community string is "public".  So maybe one way to avoid effective SNMP data gathering by just anyone would be to make sure all the devices have a different community string set up on them.
Maybe add "SNMP" to the keywords, etc. on this question to get better response.

If the issue is a bit broader and the question really is about whether parasites are not present then:
1) No antivirus/antimalware scanner/remover is perfect.
2) Malwarebytes full scan is indeed a good starting point.  If it doesn't find anything then it's likely (most of the time) that there's nothing there.  You have to use judgment regarding this point.
3) Remove any installed programs that (with some experience) aren't "normal".  Conduit is associated with a wide variety of installed program names.  If you have much experience with this then, when in doubt, you're probably on the right track.  It can be better to be brutal than kind in this regard.  You might use
4) To be sure, you might also run HitManPro.
5) To be sure, you might also run RogueKiller.
6) Then, run ALL the web browsers over a number of site/page downloads and see if:
- the home page is what you expect.
- the new tab page is what you expect.
- the default search engine is what you expect.
- the pages resulting from a search and link click are what you expect.
7) To be sure, you might also run the ESET online scanner or Kaspersky's if you like.

So, it comes down to a combination of things that are obvious parasites and things that are intentional(?) installs but unwanted and, yet, appear to be benign.  The SNMP tools fall on the "good" side of the latter category so would be a special case I should think.
Question has a verified solution.
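
Added example, not part of the thread or any poster's code: one way to check for the SNMP scanning behaviour the question describes is to look in the PC's Windows Firewall log for a source sending UDP port 161 to many different hosts. It assumes firewall logging was enabled and the usual `pfirewall.log` field layout; the sample records, addresses and the `min_targets` threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the Windows Firewall pfirewall.log layout (not real data).
HEADER = ("#Fields: date time action protocol src-ip dst-ip src-port dst-port "
          "size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path")
ROW = "2014-12-22 09:00:{:02d} {} {} {} {} {} {} 0 - - - - - - - {}"
SAMPLE_LOG = "\n".join(
    ["#Version: 1.5", HEADER]
    # The workstation (192.168.1.50) sends SNMP queries to six different devices.
    + [ROW.format(i, "ALLOW", "UDP", "192.168.1.50", f"192.168.1.{i}", 52000 + i, 161, "SEND")
       for i in range(1, 7)]
    + [
        ROW.format(8, "ALLOW", "UDP", "192.168.1.50", "192.168.1.1", 52008, 161, "SEND"),     # repeat target
        ROW.format(9, "ALLOW", "TCP", "192.168.1.50", "192.168.1.9", 52009, 443, "SEND"),     # unrelated traffic
        ROW.format(10, "ALLOW", "UDP", "192.168.1.77", "192.168.1.50", 40000, 161, "RECEIVE"),  # inbound poll
        "2014-12-22 09:00:11 DROP UDP 192.168.1.50",                                          # truncated record
    ]
)

def snmp_fanout(log_text, port="161"):
    """Map each source IP to the set of hosts it sent UDP/<port> traffic to."""
    fields, targets = [], defaultdict(set)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names come from the log itself
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) < len(fields):
            continue                           # skip truncated or malformed records
        rec = dict(zip(fields, parts))
        outbound = rec.get("path", "SEND") == "SEND"
        if rec["protocol"] == "UDP" and rec["dst-port"] == port and outbound:
            targets[rec["src-ip"]].add(rec["dst-ip"])
    return targets

def suspected_scanners(log_text, min_targets=5):
    """Sources that queried at least min_targets distinct hosts (threshold is an assumption)."""
    return {src: sorted(dsts) for src, dsts in snmp_fanout(log_text).items()
            if len(dsts) >= min_targets}

if __name__ == "__main__":
    for src, dsts in suspected_scanners(SAMPLE_LOG).items():
        print(f"{src} sent SNMP to {len(dsts)} hosts: {', '.join(dsts)}")
```

The log shows which host is sending and to whom, not which program; the traffic still has to be tied to a process on the PC by other means.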