Solved

how to detect rogue software on a pc

Posted on 2014-12-22
Last Modified: 2016-10-28
Any recommendations to detect rogue software running on a PC? Was asked to check a PC for software trying to SNMP scan the network.

Running Windows 7 Enterprise 32-bit with McAfee antivirus.
Question by:losgadas
4 Comments
 
LVL 90

Expert Comment

by:John Hurst
ID: 40513895
1. Do a full scan with your own antivirus above and then scan with Malwarebytes (malwarebytes.org).

2. Keep Windows updated. They just issued another version of malicious software scanner.

3. Train your users not to click on bogus links (Free, I can help). NO USER is a hapless victim. Always remember this.
0
 
LVL 51

Expert Comment

by:Joe Winograd, EE MVE
ID: 40513923
I'll put a +1 on John's recommendation of Malwarebytes. Note that there's a free edition that will allow you to do a manual scan, but it does not provide real-time protection. In order to get real-time protection, you must purchase the Premium edition. Regards, Joe
0
 
LVL 9

Expert Comment

by:Trenton Knew
ID: 40513994
Malwarebytes, TDSSKiller, HijackThis
0
 
LVL 25

Accepted Solution

by: Fred Marshall (earned 500 total points)
ID: 40514107
In view of your question, perhaps you're more interested in rather assuring that there are no "rogue" software things on a computer.  And this perhaps after you've tried to clean it up.  That's a rather common situation.  

But you did ask about an SNMP "scanner".   I don't know that these would show up as parasites.  For example, one could put the Paessler PRTG on a workstation and it would scan the network for devices.  I've never seen it show up as a parasite though.  So any workstation owner could probably do this.  
HOWEVER, it also requires to some degree that the other devices on the network are set up to respond and/or send messages.  
The common community string is "public".  So maybe one way to avoid effective SNMP data gathering by just anyone would be to make sure all the devices have a different community string set up on them.
Maybe add "SNMP" to the keywords, etc. on this question to get better response.

If the issue is a bit broader and the question really is about whether parasites are not present then:
1) No antivirus/antimalware scanner/remover is perfect.
2) Malwarebytes full scan is indeed a good starting point.  If it doesn't find anything then it's likely (most of the time) that there's nothing there.  You have to use judgment regarding this point.
3) Remove any installed programs that (with some experience) aren't "normal".  Conduit is associated with a wide variety of installed program names.  If you have much experience with this then, when in doubt, you're probably on the right track.  It can be better to be brutal than kind in this regard.  You might use
4) To be sure, you might also run HitmanPro.
5) To be sure, you might also run RogueKiller.
6) Then, run ALL the web browsers over a number of site/page downloads and see if:
- the home page is what you expect.
- the new tab page is what you expect.
- the default search engine is what you expect.
- the pages resulting from a search and link click are what you expect.
7) To be sure, you might also run the ESET online scanner or Kaspersky's if you like.

So, it comes down to a combination of things that are obvious parasites and things that are intentional(?) installs but unwanted and, yet, appear to be benign.  The SNMP tools fall on the "good" side of the latter category so would be a special case I should think.
0
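Added example, not part of the original thread: one way to tie SNMP scanning to a specific program on the PC is to look for a single local UDP socket sending to port 161 on many hosts, then map that source port to a PID. It assumes Windows Firewall logging of successful connections is enabled and that `netstat -ano` was captured while the socket was still open; the sample log lines, addresses, PIDs and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the Windows Firewall log (pfirewall.log) field layout.
FIREWALL_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2014-12-22 09:15:01 ALLOW UDP 192.0.2.50 192.0.2.1 52344 161 0 - - - - - - - SEND
2014-12-22 09:15:01 ALLOW UDP 192.0.2.50 192.0.2.2 52344 161 0 - - - - - - - SEND
2014-12-22 09:15:01 ALLOW UDP 192.0.2.50 192.0.2.3 52344 161 0 - - - - - - - SEND
2014-12-22 09:15:02 ALLOW UDP 192.0.2.50 192.0.2.4 52344 161 0 - - - - - - - SEND
2014-12-22 09:15:03 ALLOW UDP 192.0.2.50 192.0.2.53 60001 53 0 - - - - - - - SEND
2014-12-22 09:15:04 ALLOW UDP 192.0.2.50 192.0.2.10 60002 161 0 - - - - - - - SEND
"""

# Constructed sample of `netstat -ano` output captured on the same PC.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  UDP    0.0.0.0:52344          *:*                                    3180
  UDP    0.0.0.0:60002          *:*                                    1044
"""

def snmp_fanout(log_text, min_targets=3):
    """Sockets (src_ip, src_port) that sent UDP/161 to >= min_targets distinct hosts."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 8 or line.startswith("#"):
            continue  # header, blank or truncated line
        proto, src_ip, dst_ip, src_port, dst_port = f[3:8]
        if proto == "UDP" and dst_port == "161" and f[-1] == "SEND":
            targets[(src_ip, int(src_port))].add(dst_ip)
    return {k: v for k, v in targets.items() if len(v) >= min_targets}

def udp_port_owners(netstat_text):
    """Map local UDP port -> owning PID from `netstat -ano` output."""
    owners = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 4 and f[0] == "UDP":  # UDP rows have no State column
            owners[int(f[1].rsplit(":", 1)[1])] = int(f[3])
    return owners

def suspects(log_text, netstat_text, min_targets=3):
    """List of (src_port, pid_or_None, distinct_targets) for SNMP fan-out sockets."""
    owners = udp_port_owners(netstat_text)
    hits = snmp_fanout(log_text, min_targets)
    return sorted(((port, owners.get(port), len(dsts)) for (_, port), dsts in hits.items()),
                  key=lambda row: row[0])
```

The PID returned can then be resolved to an executable with `tasklist /FI "PID eq <pid>"`; a single poll to one device, like the port 60002 line, stays below the threshold.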
