|02 Sep 2010||#1|
Quick Tip: Log all references to HTTP in your files and programs.
This is quick and dirty.
If you ever get hacked, you might not know it. Your antivirus might miss the infection, and the malicious process might run invisible to Task Manager.
One quick and dirty way to check for signs of infection is to create a log that contains all the URLs contained within the files and programs on your computer. Because almost all malware is going to try to send and receive files to and from your computer, making a log of every URL contained on your computer can reveal some really interesting information. For instance, you might discover that a PDF file you thought was innocent contains references to a known malware domain hosted in China or Russia.
To create your log, you will need:
Strings from Sysinternals: This tool will search through every file and folder on your computer (or just one if you prefer) and print out all the ASCII and Unicode text it finds contained within them. It is faster than FINDSTR in the command line, and its output is cleaner and more organized.
Please note that to use the script as is, you will need to place the strings executable in your system32 folder, or you will need to add the path of the strings.exe executable to your PATH environment variable.
Next, copy and paste the following command into a command prompt:
cls && cd \ && strings -q -s * | find "http://" > "%USERPROFILE%\Desktop\Http_Log.txt" && notepad.exe "%USERPROFILE%\Desktop\Http_Log.txt"
While doing this, it will add every string it finds to a file on your desktop called Http_Log.txt ( > "%USERPROFILE%\Desktop\Http_Log.txt" ), and once that finishes, it will open that log in Notepad for you to view ( notepad.exe "%USERPROFILE%\Desktop\Http_Log.txt" ).
Once the log has been created, it is up to you to do with it as you please. For me, I like to start looking for interesting strings. So I will do an Edit>Find in Notepad and look for references to Chinese or Russian websites (.cn or .ru). I'll also look for keywords like "password", ".dll" and other things.
Some technical notes:
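Added example, not part of the original post: a Python sketch that triages Http_Log.txt by grouping URLs per host and listing the hosts referenced by only one file, which is usually a shorter list to review than paging through the log with Edit>Find. It assumes each log line has the form `path: string` (the prefix strings prints when scanning several files); the function names and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

URL_RE = re.compile(r"http://[^\s\"'<>)\]]+")
HOST_RE = re.compile(r"[a-z0-9.-]+\.[a-z0-9-]+")  # drops printf templates such as %s

def parse_line(line):
    """Split 'C:\\path\\file: text' into (file, text); file is '' without a prefix."""
    line = line.rstrip("\r\n")
    head, sep, tail = line.partition(": ")
    if sep and "http://" not in head:
        return head, tail
    return "", line

def hosts_by_file(lines):
    """Map each host name to the set of files whose strings reference it."""
    seen = defaultdict(set)
    for line in lines:
        path, text = parse_line(line)
        for url in URL_RE.findall(text):
            try:
                host = (urlsplit(url).hostname or "").lower().rstrip(".")
            except ValueError:  # malformed bracketed host in binary junk
                continue
            if HOST_RE.fullmatch(host):
                seen[host].add(path)
    return seen

def rare_hosts(seen, max_files=1):
    """Hosts referenced by at most max_files files, rarest first, then by name."""
    rare = [(h, sorted(f)) for h, f in seen.items() if len(f) <= max_files]
    return sorted(rare, key=lambda item: (len(item[1]), item[0]))

# Constructed sample lines in the assumed 'path: string' format.
SAMPLE = [
    r"C:\Windows\System32\crypt32.dll: http://www.microsoft.com/pki/certs",
    r"C:\Program Files\App\app.exe: http://www.microsoft.com/pki/certs",
    r"C:\Users\me\Documents\invoice.pdf: /URI (http://update.example.test/get.php?id=1)",
    r"C:\Program Files\App\app.exe: GET http://%s:%d/%s",
]

if __name__ == "__main__":
    # For the real log: open(path, errors="replace") and pass the file object.
    for host, files in rare_hosts(hosts_by_file(SAMPLE)):
        print(host, files)
```

A host that appears in a single document or in one unfamiliar executable is a lead to look up, not proof of infection.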