Printable View
I have a question which many of you had understood by reading the title. I want some way to detect botnets. I had gone through wikipedia article based on the virus, but it is a bit complex to understand. I think some of my systems are infected botnet. I have a antivirus software installed in my computer and it has given me warning recently. Full HD doe snot detected any dept infections. I use the system to make some banking transaction and think that this botnet can spy my password.
There are number of antimalware and rootkit detectors that can help you out. A number of antivirus comes with rootkit detection and they are capable of finding and removing them. Instead of locating a botnet detector use a powerful antimalware software that can find and remove them on their own. There are tons of cleanup tools that can help you to deal with this infection. I am using the latest edition of Norton Internet Security which I found more helpful and it worked fine. It keeps the system secure and does not allow any internal threat to track your confidential information.
What you are actually trying to do. Do you want to detect the spwyare or botnet or wants a powerful security against them. There are tons of trusted software that you can go for. I had seen malware cleaner which works quiet well. You must keep them updated. If still you suspect then you can simply use a bootable disc to scan for virus. To get more effective scan, run the same in safe mode. It offer you a clear way of cleaning the system. Install latest browser with updates so that there will no vulnerability that can be accessed.
Check the process that are running in the background. You can locate suspicious things through that. There are tools like Process Explorer, Hijackthis, etc which can give you a detailed information on the number of services running in your system. You can then find the associated information on the same and the use it block threats. Also if possible try to monitor your network traffic. Botnets mostly try to connect with distant systems sniffing your data. Virus attacks on Windows registry primarily so that they can modify system access and work quietly in the background. Soon you will find your system flooded with lots of virus.
That is quiet nice answers. But for an average user, it is complicated to detect a virus. There are tools, but they are complicate to understand. The report generated does not give you much highlight. There are many processes which are mostly associated to system and there is no tool that can simply differentiate between a suspicious and non-suspicious service. Check in Task Manager > Performance. How much system resources are used.
Today virus are bit more advance compared to security tools we are using. If you had worked on server security then you can get more aware about complex technologies involved. Botnet are set of systems which are already affected and now program to infect others. So if you feel that your system is getting continuous virus attack, then check your lan connectivity and if you are on a WAN network as the admin or ISP to check the details. Mass attack are carried by attackers to for profit reasons. You can keep your secure if you are just aware how to avoid such things. Like not visiting compromised website, avoid using pirated softwares/OS/games, etc. Attacker attract users by providing free stuff which is loaded with malicious code and one the end user download that the chain reaction starts.
It is possible through portscan. You can monitor the network activity by locating the reason for unauthorized traffic. Basically when a virus enters your system, it tries to communicate with other infection computer and tries to spread. They use open ports or simply modify the system settings. You can use a port scanner software to locate which app is associated with which port. You can in that way find that your system is not acting as a bot. To detect that run any good port scanner and then launch your web browser or mail client. Surf web for about 10 to 15 mins. Check in the port scanner what you can find. Is there any unknown traffic source detected.
I am using Webroot Antivirus. I found it quiet effective in many cases. It has a firewall and powerful virus engine to detect and combat with infection. I had checked in it and there is no open port listed. I have around 40 workstation configured on my network. So if one is infected then there are chances of getting the same on all. The firewall looks to be working fine. It will block any incoming connection if located. But in a client system I found a entry in the log which is about some ip address of asia. I had not seen this entry before. I had used port scan but there is nothing associated with the ip. However I am going to keep a more close watch to this and hope that I will locate some reliable program or software that can be utilized.
Ample of things that I had seen in my system are adware. They are responsible for those unnecessary popups. We are also facing a common redirect problem on 4 workstation. So to some extent it looks even when the security was on, the adware was able to enter the virus. Also there are some suspicious service which can be keylogger. As we deal with some banking work, so there are chances someone has played with the settings. With a port scanner or simply with security tools there are symptoms that can be traced or avoided.
The connection can be detected. The antivirus should be capable of doing that. I will advice you to use a licensed version of any nice antivirus like Norton. This would give you full security support and the virus definition. There are tools like Autorun and Sysinternal though which you can check and verify the startup tools. If you are not aware of using the same then you can simply read a kb article on Microsoft that will offer you a more detail support. It is also necessary that you must keep your OS firewall turned on. Because the same filters your incoming and outgoing traffic. Malware's can be smarter but they never enter on their own. To access various methods are used to encourage a user. Like free tools, popups, attachments, buggy software, fake updates, etc.
This are common with botnets. For single user it is more complicated to run all those tools and perform some kind of audits. There are tons of ways by which a system can be infected. To keep yourself secure it is necessary that you must keep your system updated. Firewall keeps a eye on ports and you will receive a popup when any kind of unknown service tries to access your system.
I had heard about a .net virus which has infected a number of systems. I had found a nice article on the same that says about the vulnerability. When you scan a port of a system which has a virus infection then you can find what all IP or stuff is trying to connect. There can be malware which appeared in your system through a data transfer. To some extent the antivirus is a infected computer is of no use. You can use some online scanner to detect malware and then take necessary actions.
It is very complicated to find the malicious files. It is not easy at all. I have a old system where I seen a number infected dll files. Those are important for windows to work properly and if you play with them your system might crash. The best way to fix those is replacing them. But there are tons of files and it is not possible for you to replace each of them. If you have a large data-center and if you are worried about the infection you must deploy some utility that can scan and verify the system integrity. There are commercial AV programs that are much better in many ways to give you full protection.
Did your antivirus caught any of them. Check the Quarantine of logs where you can find list of infection. You can schedule a full system scan each day to keep an eye on upcoming infections and ensure that your system stays safe. If somehow your PC becomes a part of botnet then that does not means it is going to spread keylogger in entire network. Botnet are mostly used to derive a common function through malicious file and with powerful security audit tools you can locate them.
Download a good port scanner. A number of antivirus comes with powerful port scanner software that gives you the current information on ports open or closed. You can block the one which is suspicious. It is correct that you have to inspect the log everytime to locate some infection in the same.