Solved

How to detect rogue software on a PC

Posted on 2014-12-22
Last Modified: 2016-10-28
Any recommendations to detect rogue software running on a PC? I was asked to check a PC for software trying to SNMP scan the network.

Running Windows 7 Enterprise 32-bit with McAfee antivirus.
0
Question by:losgadas
4 Comments
 
LVL 93

Expert Comment

by:John Hurst
ID: 40513895
1. Do a full scan with your own antivirus above and then scan with Malwarebytes (malwarebytes.org).

2. Keep Windows updated. They just issued another version of malicious software scanner.

3. Train your users not to click on bogus links (Free, I can help). NO USER is a hapless victim. Always remember this.
0
 
LVL 53

Expert Comment

by:Joe Winograd, EE MVE
ID: 40513923
I'll put a +1 on John's recommendation of Malwarebytes. Note that there's a free edition that will allow you to do a manual scan, but it does not provide real-time protection. In order to get real-time protection, you must purchase the Premium edition. Regards, Joe
0
 
LVL 9

Expert Comment

by:Trenton Knew
ID: 40513994
Malwarebytes, TDSSKiller, HijackThis
0
 
LVL 26

Accepted Solution

by:
Fred Marshall earned 500 total points
ID: 40514107
In view of your question, perhaps you're more interested in rather assuring that there are no "rogue" software things on a computer.  And this perhaps after you've tried to clean it up.  That's a rather common situation.  

But you did ask about an SNMP "scanner".   I don't know that these would show up as parasites.  For example, one could put the Paessler PRTG on a workstation and it would scan the network for devices.  I've never seen it show up as a parasite though.  So any workstation owner could probably do this.  
HOWEVER, it also requires to some degree that the other devices on the network are set up to respond and/or send messages.  
The common community string is "public".  So maybe one way to avoid effective SNMP data gathering by just anyone would be to make sure all the devices have a different community string set up on them.
Maybe add "SNMP" to the keywords, etc. on this question to get better response.

If the issue is a bit broader and the question really is about whether parasites are not present then:
1) No antivirus/antimalware scanner/remover is perfect.
2) Malwarebytes full scan is indeed a good starting point.  If it doesn't find anything then it's likely (most of the time) that there's nothing there.  You have to use judgment regarding this point.
3) Remove any installed programs that (with some experience) aren't "normal".  Conduit is associated with a wide variety of installed program names.  If you have much experience with this then, when in doubt, you're probably on the right track.  It can be better to be brutal than kind in this regard.  You might use
4) To be sure, you might also run HitmanPro.
5) To be sure, you might also run RogueKiller.
6) Then, run ALL the web browsers over a number of site/page downloads and see if:
- the home page is what you expect.
- the new tab page is what you expect.
- the default search engine is what you expect.
- the pages resulting from a search and link click are what you expect.
7) To be sure, you might also run the ESET online scanner or Kaspersky's if you like.

So, it comes down to a combination of things that are obvious parasites and things that are intentional(?) installs but unwanted and, yet, appear to be benign.  The SNMP tools fall on the "good" side of the latter category so would be a special case I should think.
0
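
The original question, a PC suspected of SNMP-scanning the network, can also be checked from that PC's own Windows Firewall log by looking for one source contacting many hosts on UDP port 161 in a short time. This is an added example, not code from any poster in this thread; it assumes firewall logging of allowed connections is enabled, and the sample lines, addresses and thresholds are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the Windows Firewall log layout; not data from the thread.
# Assumes logging of allowed connections is turned on for the active profile.
FIELDS = ("#Fields: date time action protocol src-ip dst-ip src-port dst-port "
          "size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path")
TAIL = "0 - - - - - - - SEND"
SAMPLE_LOG = [FIELDS] + [
    # eight different hosts probed on UDP/161 within eight seconds
    f"2014-12-22 10:15:{n:02d} ALLOW UDP 192.168.1.50 192.168.1.{n} {50000 + n} 161 {TAIL}"
    for n in range(1, 9)
] + [
    f"2014-12-22 10:16:30 ALLOW UDP 192.168.1.50 8.8.8.8 53001 53 {TAIL}",       # DNS
    f"2014-12-22 11:00:00 ALLOW UDP 192.168.1.50 192.168.1.20 50100 161 {TAIL}",  # one device
    f"2014-12-22 11:05:00 ALLOW UDP 192.168.1.50 192.168.1.20 50101 161 {TAIL}",
]

def parse_snmp_sends(lines):
    """Yield (timestamp, src_ip, dst_ip) for outbound UDP packets to port 161."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names come from the log itself
        elif line and not line.startswith("#") and fields:
            rec = dict(zip(fields, line.split()))
            if (rec.get("protocol") == "UDP" and rec.get("dst-port") == "161"
                    and rec.get("path", "SEND") == "SEND"):
                ts = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
                yield ts, rec["src-ip"], rec["dst-ip"]

def find_snmp_sweeps(lines, window=timedelta(seconds=60), min_targets=5):
    """Map each source IP to (window_start, targets) for its widest UDP/161 fan-out,
    reported only if it reached min_targets distinct hosts inside one window."""
    by_src = defaultdict(list)
    for ts, src, dst in parse_snmp_sends(lines):
        by_src[src].append((ts, dst))
    findings = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            targets = {dst for ts, dst in events[i:] if ts - start <= window}
            best = len(findings[src][1]) if src in findings else 0
            if len(targets) >= min_targets and len(targets) > best:
                findings[src] = (start, sorted(targets))
    return findings

if __name__ == "__main__":
    for src, (start, targets) in find_snmp_sweeps(SAMPLE_LOG).items():
        print(f"{src}: {len(targets)} SNMP targets within 60 s of {start}")
```

The firewall log only confirms that the PC is sweeping; to tie the traffic to a program, Windows Filtering Platform connection auditing (event ID 5156) records the application path for each permitted connection.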
