  • Status: Solved
  • Priority: Medium
  • Security: Public

How to detect rogue software on a PC

Any recommendations to detect rogue software running on a PC? I was asked to check a PC for software trying to SNMP scan the network.

Running Windows 7 Enterprise 32-bit with McAfee antivirus.
0
Asked by: losgadas
1 Solution
 
John Hurst, Business Consultant (Owner), commented:
1. Do a full scan with your own antivirus above and then scan with Malwarebytes (malwarebytes.org).

2. Keep Windows updated. They just issued another version of malicious software scanner.

3. Train your users not to click on bogus links (Free, I can help). NO USER is a hapless victim. Always remember this.
0
 
Joe Winograd, EE MVE 2015 & 2016, Developer, commented:
I'll put a +1 on John's recommendation of Malwarebytes. Note that there's a free edition that will allow you to do a manual scan, but it does not provide real-time protection. In order to get real-time protection, you must purchase the Premium edition. Regards, Joe
0
 
Trenton Knew, Owner / Computer Whisperer, commented:
Malwarebytes, TDSSKiller, HijackThis
0
 
Fred Marshall, Principal, commented:
In view of your question, perhaps you're more interested in rather assuring that there are no "rogue" software things on a computer.  And this perhaps after you've tried to clean it up.  That's a rather common situation.  

But you did ask about an SNMP "scanner".   I don't know that these would show up as parasites.  For example, one could put the Paessler PRTG on a workstation and it would scan the network for devices.  I've never seen it show up as a parasite though.  So any workstation owner could probably do this.  
HOWEVER, it also requires to some degree that the other devices on the network are set up to respond and/or send messages.  
The common community string is "public".  So maybe one way to avoid effective SNMP data gathering by just anyone would be to make sure all the devices have a different community string set up on them.
Maybe add "SNMP" to the keywords, etc. on this question to get better response.

If the issue is a bit broader and the question really is about whether parasites are not present then:
1) No antivirus/antimalware scanner/remover is perfect.
2) Malwarebytes full scan is indeed a good starting point.  If it doesn't find anything then it's likely (most of the time) that there's nothing there.  You have to use judgment regarding this point.
3) Remove any installed programs that (with some experience) aren't "normal".  Conduit is associated with a wide variety of installed program names.  If you have much experience with this then, when in doubt, you're probably on the right track.  It can be better to be brutal than kind in this regard.  You might use
4) To be sure, you might also run HitManPro.
5) To be sure, you might also run RogueKiller.
6) Then, run ALL the web browsers over a number of site/page downloads and see if:
- the home page is what you expect.
- the new tab page is what you expect.
- the default search engine is what you expect.
- the pages resulting from a search and link click are what you expect.
7) To be sure, you might also run the ESET online scanner or Kaspersky's if you like.

So, it comes down to a combination of things that are obvious parasites and things that are intentional(?) installs but unwanted and, yet, appear to be benign.  The SNMP tools fall on the "good" side of the latter category so would be a special case I should think.
0
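As an added example that is not part of any post in this thread: one way to confirm the behaviour described in the question from a packet capture is to decode the SNMPv1/v2c header of UDP/161 traffic and list the sources that query many hosts, together with the community strings they try (such as the default "public" mentioned above). The function names, the threshold of 3 targets, and the sample rows (documentation addresses, a made-up community "n0c-ro") are assumptions constructed for illustration.

```python
from collections import defaultdict

def read_tlv(buf, pos):  # read one BER TLV at pos; return (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def parse_snmp(payload):
    """Return (version, community) for an SNMPv1/v2c message, else None."""
    try:
        tag, body, _ = read_tlv(payload, 0)          # outer SEQUENCE
        vtag, ver, pos = read_tlv(body, 0)           # INTEGER: 0 = v1, 1 = v2c
        ctag, community, _ = read_tlv(body, pos)     # OCTET STRING
    except ValueError:
        return None
    if (tag, vtag, ctag) != (0x30, 0x02, 0x04) or ver not in (b"\x00", b"\x01"):
        return None
    return ver[0], community.decode("ascii", "replace")

def find_snmp_scanners(packets, min_targets=3):
    """Map each source that sent SNMP to >= min_targets hosts to what it tried."""
    seen = defaultdict(lambda: (set(), set()))
    for src, dst, dport, payload in packets:
        parsed = parse_snmp(payload) if dport == 161 else None
        if parsed:
            seen[src][0].add(dst)
            seen[src][1].add(parsed[1])
    return {s: {"targets": len(t), "communities": sorted(c)}
            for s, (t, c) in seen.items() if len(t) >= min_targets}

def build_get_request(community):  # constructed sample: v2c GetRequest, sysDescr.0
    pdu = bytes.fromhex("a019020101020100020100300e300c06082b060102010101000500")
    body = b"\x02\x01\x01\x04" + bytes([len(community)]) + community.encode() + pdu
    return b"\x30" + bytes([len(body)]) + body

# Constructed capture rows: (src_ip, dst_ip, dst_udp_port, udp_payload)
SAMPLE_PACKETS = [("192.0.2.10", f"192.0.2.{i}", 161, build_get_request("public"))
                  for i in range(1, 5)] + [
    ("192.0.2.20", "192.0.2.1", 161, build_get_request("n0c-ro")),
    ("192.0.2.10", "192.0.2.53", 53, b"\x12\x34\x01\x00")]
print(find_snmp_scanners(SAMPLE_PACKETS))
```

A source that appears in the result can then be matched to a process on that PC; a known monitoring station polling a single device stays below the threshold.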