[Tutorial] If your Windows system has been compromised

Submitted by CyberLeaks, Thread ID: 224060

04-11-2021, 11:47 AM
#1
READ THIS if you suspect that your Windows system has been compromised


Follow steps in order.
- Run certutil -URLcache * delete in PowerShell; this will get rid of the CryptNet SSL cache that some malware abuses.
- Check your hosts file for suspicious configuration.
- Download and execute Rkill, this will kill known malware services: https://www.bleepingcomputer.com/download/rkill/
- Download and run McAfee Stinger, anti rootkit, anti-malware process and more: https://www.mcafee.com/enterprise/en-us/...inger.html
- Download and run TDSS Killer, very similar to McAfee Stinger but from Kaspersky: https://usa.kaspersky.com/downloads/tdsskiller

- Install Autoruns from Sysinternals and upload the hash of everything that runs to VirusTotal.com (the Autoruns app has this feature integrated).
- Install Process Monitor from Sysinternals and look for suspicious processes; check if the System PID is 4. If it is not, it's not System.
- Install Malwarebytes, activate rootkit detection and deep analysis, then run a scan.
- Execute a DISM restorehealth, and AFTER it finishes, run sfc /scannow
- Update your Windows
- Reboot
- Install HitmanPro and scan with it.
- DISM restorehealth again and then sfc /scannow again; if corrupted files are found again, something's fucky.
- If no corrupted files encountered, run an OFFLINE WINDOWS DEFENDER SCAN.

- Purge your system
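
The hosts-file and System PID checks from the post above, as an added example that is not part of the original thread. The "anything but a loopback localhost mapping needs review" heuristic and all variable names are assumptions of this sketch; the commented commands at the end are the standard forms of the repair steps the post names.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.

# 1. Hosts file: list every active (non-comment) mapping.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$entries = foreach ($line in Get-Content -LiteralPath $hostsPath) {
    $text = ($line -split '#', 2)[0].Trim()      # drop inline comments
    if (-not $text) { continue }
    $fields = $text -split '\s+'
    if ($fields.Count -lt 2) { continue }        # malformed line, skip
    foreach ($name in $fields[1..($fields.Count - 1)]) {
        [pscustomobject]@{
            Address  = $fields[0]
            HostName = $name
            # Assumption: anything other than a loopback mapping for
            # "localhost" deserves a manual look; it is not proof of malware.
            Review   = -not ($name -eq 'localhost' -and
                             $fields[0] -in '127.0.0.1', '::1')
        }
    }
}
if ($entries) { $entries | Format-Table -AutoSize }
else { 'hosts: no active entries (a default Windows hosts file is all comments)' }

# 2. System PID: per the post, a process named System with a PID other
#    than 4 is not the real one.
$impostors = Get-CimInstance Win32_Process |
    Where-Object { $_.Name -eq 'System' -and $_.ProcessId -ne 4 }
if ($impostors) {
    $impostors | Select-Object Name, ProcessId, ParentProcessId, ExecutablePath
} else {
    'System: only PID 4 uses that name'
}

# 3. Repair and scan steps, in the order the post gives (commented out so
#    nothing long-running or rebooting starts by accident):
# DISM /Online /Cleanup-Image /RestoreHealth
# sfc /scannow
# Start-MpWSOfflineScan    # reboots into the Microsoft Defender Offline scan
```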

RE: [Tutorial] If your Windows system has been compromised

#2
I've used Malwarebytes for forever; are McAfee products still valid or are they software products for boomers?

RE: [Tutorial] If your Windows system has been compromised

#3
Is this for cases of a virus or hacking?
Something like that?
