Hi, in this article we will see how to detect malware that may be slowing your system down; to do this we need to make a few manual checks.
First we need to understand how malware can hide itself from antivirus software. Antivirus products normally leave system service files such as svchost.exe alone, because the operating system uses this executable to host its services, so scanners rarely look closely at files of this kind. Hackers and spammers know this very well, so they inject their malicious code into svchost.exe or give their own malicious file the name svchost.exe. We therefore need to monitor this manually; to identify whether your system is infected, carry out the following checks.
1 – Verify that no svchost.exe exists outside the System32 folder.
Open the Start menu and search for svchost.exe.
If any copies are found outside System32, remove those files.
2 – Verify the running svchost.exe processes.
Open cmd and type: tasklist /svc /fi "imagename eq svchost.exe"
This will print something like the following:
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    612 DcomLaunch, PlugPlay, Power
svchost.exe                    692 RpcEptMapper, RpcSs
svchost.exe                    784 Dhcp, eventlog, lmhosts
svchost.exe                    824 CertPropSvc, gpsvc, IKEEXT, iphlpsvc,
                                   LanmanServer, ProfSvc, Schedule, SENS,
                                   SessionEnv, ShellHWDetection, Winmgmt,
                                   wuauserv
svchost.exe                    884 EventSystem, FontCache, netprofm, nsi,
                                   W32Time
svchost.exe                    928 Netman, TrkWks, UmRdpService, UxSms,
End any svchost.exe process whose hosted services you do not recognise.
3 – Verify the external connections made by these processes.
For this I recommend CurrPorts; this tool lists all the connections and IP addresses opened through system services.
Download links:
http://www.nirsoft.net/utils/cports.zip
http://www.nirsoft.net/utils/cports-x64.zip
Download the version that matches your CPU architecture (32-bit or 64-bit) and run a scan.
Delete the processes that you do not recognise.
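The three checks above can be run in one go from PowerShell. The script below is an added example, not code from the original article or from NirSoft; it assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated PowerShell 5.1+ session, and it treats System32, SysWOW64 and the WinSxS servicing store as the only directories where a genuine svchost.exe is expected (the WinSxS exclusion is my assumption, since the servicing store keeps component copies). The function names Find-StraySvchost, Get-SvchostInventory and Get-SvchostConnections are mine.

```powershell
# Added example (not from the original article): PowerShell triage of svchost.exe
# automating the three manual checks. Assumes Windows 8 / Server 2012 or later and
# an elevated PowerShell 5.1+ session so process paths and service mappings are
# readable for every process.

$SystemRoot   = $env:SystemRoot
# Directories where a genuine svchost.exe is expected (assumption: WinSxS holds
# servicing-store copies, so it is not treated as stray).
$ExpectedDirs = @(
    (Join-Path $SystemRoot 'System32'),
    (Join-Path $SystemRoot 'SysWOW64'),
    (Join-Path $SystemRoot 'WinSxS')
)
# Image paths a running svchost.exe should be loaded from.
$ExpectedExe  = @(
    (Join-Path $SystemRoot 'System32\svchost.exe'),
    (Join-Path $SystemRoot 'SysWOW64\svchost.exe')
)

# Check 1: svchost.exe files on the system drive outside the expected directories,
# with Authenticode status so an unsigned or third-party-signed copy stands out.
function Find-StraySvchost {
    Get-ChildItem -Path "$env:SystemDrive\" -Filter 'svchost.exe' -Recurse -File -Force `
                  -ErrorAction SilentlyContinue |
        Where-Object {
            $dir = $_.DirectoryName
            -not ($ExpectedDirs | Where-Object { $dir.StartsWith($_, 'OrdinalIgnoreCase') })
        } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
            }
        }
}

# Check 2: every running svchost.exe with its image path, parent process and the
# services it hosts (the same mapping as "tasklist /svc"). A legitimate instance
# runs from System32/SysWOW64, is a child of services.exe and hosts at least one
# registered service; anything else is marked Suspicious for manual review.
function Get-SvchostInventory {
    $procs    = Get-CimInstance Win32_Process
    $byPid    = @{}
    foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }
    $svcByPid = @{}
    foreach ($s in Get-CimInstance Win32_Service) {
        if ($s.ProcessId -gt 0) { $svcByPid[[int]$s.ProcessId] += @($s.Name) }
    }
    foreach ($p in ($procs | Where-Object { $_.Name -ieq 'svchost.exe' })) {
        $parent   = $byPid[[int]$p.ParentProcessId]
        $services = $svcByPid[[int]$p.ProcessId]
        $pathOk   = $p.ExecutablePath -and ($ExpectedExe -icontains $p.ExecutablePath)
        $parentOk = $parent -and ($parent.Name -ieq 'services.exe')
        [pscustomobject]@{
            PID        = $p.ProcessId
            Path       = if ($p.ExecutablePath) { $p.ExecutablePath } else { '<access denied>' }
            Parent     = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { '<exited>' }
            Services   = if ($services) { $services -join ', ' } else { '<none>' }
            Suspicious = -not ($pathOk -and $parentOk -and $services)
        }
    }
}

# Check 3: established TCP connections owned by svchost.exe processes, the view
# CurrPorts gives, so the remote endpoints can be reviewed per PID.
function Get-SvchostConnections {
    $pids = @((Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'").ProcessId)
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { [int]$_.OwningProcess -in $pids } |
        Select-Object @{ n = 'PID'; e = { $_.OwningProcess } },
                      LocalAddress, LocalPort, RemoteAddress, RemotePort
}

Write-Output '== Check 1: svchost.exe files outside expected directories =='
Find-StraySvchost      | Format-Table -AutoSize
Write-Output '== Check 2: running svchost.exe processes =='
Get-SvchostInventory   | Sort-Object Suspicious -Descending | Format-Table -AutoSize
Write-Output '== Check 3: established connections owned by svchost.exe =='
Get-SvchostConnections | Format-Table -AutoSize
```

Two things to keep in mind when reading the output: the recursive file search in check 1 walks the whole system drive and can take a few minutes, and a large number of svchost.exe instances in check 2 is not by itself a sign of infection, since Windows 10 version 1703 and later split most services into their own svchost.exe process on machines with more than about 3.5 GB of RAM. The rows worth attention are those whose path is not System32 or SysWOW64, whose parent is not services.exe, or which host no service at all; cross-reference the PID of any such row with the connections listed in check 3 before ending it.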