Cyber Generation For Better Future

Thursday, January 17, 2013

How to Check Suspicious Executable File

Today I found an executable file named "000.exe", and my friend accidentally clicked on it. As a result, some of the registry has been changed. I know that because Task Manager has been locked for some reason. I just want to check the processes the file created (since my Avira didn't detect any virus in it).

I unlocked Task Manager by editing the registry from the Run command (check there for how to get to the Run command), then regedit (fortunately, it's not disabled). Search for "DisableTaskMgr" by hitting F3, and then change the value to 0. And there... you can see your Task Manager once again.
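The same check as a script, as an added example that is not part of the original post: it reports whether `DisableTaskMgr` (and `DisableRegistryTools`, the value that disables regedit) is set, and resets it to 0 only when run with `-Fix`. The key paths are the standard Windows policy locations and are an assumption here, since the post only names the value.

```powershell
# Added example: audit (and optionally reset) the policy values that lock
# Task Manager and regedit. The key paths are the standard Windows policy
# locations (assumption); the post itself only names "DisableTaskMgr".
param(
    [switch]$Fix   # without -Fix the script only reports
)

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)
$valueNames = @('DisableTaskMgr', 'DisableRegistryTools')

$findings = foreach ($key in $policyKeys) {
    if (-not (Test-Path -Path $key)) { continue }   # key absent = no policy set
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in $valueNames) {
        # Skip values that do not exist under this key
        if ($props.PSObject.Properties.Name -notcontains $name) { continue }
        [pscustomobject]@{
            Key    = $key
            Name   = $name
            Value  = $props.$name
            Locked = ($props.$name -ne 0)   # any non-zero value enables the lock
        }
    }
}

if (-not $findings) {
    Write-Output 'No DisableTaskMgr / DisableRegistryTools values found.'
    return
}
$findings | Format-Table -AutoSize

if ($Fix) {
    foreach ($f in $findings | Where-Object Locked) {
        # Same change the post makes by hand in regedit: set the value to 0.
        # Writing under HKLM requires an elevated (administrator) session.
        Set-ItemProperty -Path $f.Key -Name $f.Name -Value 0
        Write-Output "Reset $($f.Name) to 0 under $($f.Key)"
    }
}
```

A non-zero value found here on a machine where no administrator set that policy is itself worth recording before it is reset, since it shows which account's hive the file modified.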

I checked the processes, but there doesn't seem to be anything suspicious. I even used "HijackThis" to check for hidden processes and used CCleaner to look for anything suspicious in my startup options.

So far, I haven't seen anything... I decided to search Google for how to see/trace what an executable file creates or changes in your system. And finally I got the answer I needed. I found this great site.



www.threatexpert.com is the answer to my worries. I registered there and then uploaded the suspicious file. It only took 4 minutes to get the report I wanted (for free, of course). From there, I found out what that file created and changed. Thanks to threatexpert.com.


So, what is ThreatExpert? ThreatExpert is an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode.

So, how to use it? Here are the step-by-step guidelines:

1. Register (if you don't have a ThreatExpert user ID yet; be sure to read their ToC) or log in at threatexpert.com.

2. Upload your file from here. But make sure that your file is not bound by copyright (make sure you read their ToC about this).

3. Wait for the report to come in. Usually you can view the report sent to your mail, or you can open it here. The report usually takes a few minutes, or arrives within 24 hours.


With the report I got, I can search for the files that the executable made and fix them. I hope this can help you as well.

