How do I know my PC is not part of a botnet?


  1. Posts : 705
    Windows 7 Ultimate x64
       #1

    How do I know my PC is not part of a botnet?


    Any way to tell?

    If I have an infected computer on my local lan, will it infect other computers on the local lan?

    I just recently cleared off some type of awful malware on an older, slow computer, and it was easy to tell it had issues.
    But how about a fast quad-core PC? It always seems to work just fine.


  2. Posts : 10,485
    W7 Pro SP1 64bit
       #2

    One computer might infect other computers - it depends on lots of variables.

    You cannot know if a computer is free from infections. You can only know that no infections were detected during various scans. We know that some infections go undetected for years (even 10 years). We don't know how many infections are in the wild - but are not yet detected.

    A well-written rootkit can hide itself from scanners and it can hide its network traffic from monitoring tools. Monitoring network traffic using a computer that is running a Unix/Linux flavor is one way to detect bot-like traffic. Using a service like OpenDNS is another way to detect bot-like network traffic - except, OpenDNS can only detect certain types of botnet activity.


  3. Posts : 2,497
    Windows 7 Pro 64 bit
       #3

    The difficulty in dealing with malware is the sheer variety and the incredible lengths it will go to to hide its presence. There are many ways to do this and more are being developed all the time. There are no rules that govern how malware should act and what it can do is limited primarily by the abilities and imagination of the authors. Some types of malware have a form of automatic update which can update itself when the author releases a new version. And of course the authors never publish descriptions of what their creations are designed to do.

    Some types of malware have immediate harmful effects when they are introduced to a system. Many others prefer to keep a low profile, at least for a time. Things like a botnet will want to keep hidden and do their work undetected for months or years to come. Harming the host would arouse the suspicions of the user who might take steps to have the malware removed. The lifetime of such malware on a specific host could be quite short.

    I believe that many of the apparent results from malware infections were not intended by the author. In many cases the results are due to interactions with other malware and to bugs in the code itself. It is not like the users (victims) of malware can report back to the author about any problems they are having.


  4. Posts : 10,485
    W7 Pro SP1 64bit
       #4

    Here is an example of an infection that seems to have been around since 2007 and yet it went undetected by various types of scans.

    Kaspersky Lab Uncovers "The Mask": One of the Most Advanced Global Cyber-espionage Operations to Date Due to the Complexity of the Toolset Used by the Attackers

    :-(


  5. Posts : 2,189
    Win7, Win10, Win11
       #5

    Stay on the lookout for an Internet connection that seems inexplicably slow when you are online as it may be that a botnet infection is using your connection to send or receive data.
    If this happens, stop surfing, close your email software (e.g. Outlook) and try and open Task Manager by pressing the CTRL, ALT and Delete keys at the same time then selecting Task Manager.
    When Task Manager opens, click on the Network tab and see if your PC is using the internet network connection. If it shows more than a few percent usage then this could be further evidence of something using your internet connection without your knowledge.



  6. Posts : 10,485
    W7 Pro SP1 64bit
       #6

    That is a good place to start.

    Process Explorer would probably be a better tool than Task Manager:
    Process Explorer 16

    You can turn on the columns that show network activity and the VirusTotal column.

    Resource Monitor is also better than Task Manager for looking into network connections.

    That said, there are infections that cannot be found via any of the tools mentioned. They can hide their network traffic.
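
Posts #2 and #6 note that an infection can hide its network traffic from tools running on the PC itself, and that watching the traffic from a separate Unix/Linux machine is one way around that. The following is an added example, not code from anyone in this thread, that compares the two views. The sample `netstat -ano` and `tcpdump -n` text, the addresses and the function names are constructed for illustration, and it assumes the Linux machine sits where it can see the PC's traffic (for example, as the gateway).

```python
import re

# Constructed sample: `netstat -ano` output saved on the Windows PC being checked.
HOST_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.168.1.20:49731     198.51.100.7:443       ESTABLISHED     2140
  TCP    192.168.1.20:49740     198.51.100.9:80        TIME_WAIT       0
"""

# Constructed sample: abbreviated `tcpdump -n` lines captured in the same time
# window on a separate Linux machine that sees the PC's traffic.
GATEWAY_TCPDUMP = """\
12:00:01.100000 IP 192.168.1.20.49731 > 198.51.100.7.443: Flags [P.], length 517
12:00:01.900000 IP 198.51.100.7.443 > 192.168.1.20.49731: Flags [.], length 0
12:00:02.300000 IP 192.168.1.20.49740 > 198.51.100.9.80: Flags [F.], length 0
12:00:05.000000 IP 192.168.1.20.50112 > 203.0.113.45.8443: Flags [P.], length 64
12:00:35.000000 IP 192.168.1.20.50112 > 203.0.113.45.8443: Flags [P.], length 64
12:00:36.000000 IP 192.168.1.33.51000 > 198.51.100.7.443: Flags [S], length 0
"""

NETSTAT_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+\d+\s*$")
TCPDUMP_RE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

def host_flows(netstat_text):
    """TCP flows the PC itself reports, as (local_ip, lport, remote_ip, rport)."""
    flows = set()
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line)
        if m and m.group(5) != "LISTENING":  # listeners have no remote peer
            flows.add((m.group(1), int(m.group(2)), m.group(3), int(m.group(4))))
    return flows

def wire_flows(tcpdump_text, host_ip):
    """Packet count per flow seen on the wire, keyed with the PC's side first."""
    counts = {}
    for line in tcpdump_text.splitlines():
        m = TCPDUMP_RE.search(line)
        if not m or host_ip not in (m.group(1), m.group(3)):
            continue  # unparsed line, or another machine's traffic
        src, dst = (m.group(1), int(m.group(2))), (m.group(3), int(m.group(4)))
        key = src + dst if src[0] == host_ip else dst + src
        counts[key] = counts.get(key, 0) + 1
    return counts

def unreported_flows(netstat_text, tcpdump_text, host_ip):
    """Flows present on the wire that the PC's own netstat does not list."""
    known = host_flows(netstat_text)
    return sorted((f, n) for f, n in wire_flows(tcpdump_text, host_ip).items() if f not in known)
```

A single `netstat` snapshot misses short-lived connections, so a flow returned by `unreported_flows` is a lead to investigate, not proof of infection.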


  7. Posts : 2,409
    Windows 7 Professional 32-bit/Windows 8 64-bit/Win7 Pro64-bit
       #7

    johnsmith45jock said:
    Stay on the lookout for an Internet connection that seems inexplicably slow when you are online as it may be that a botnet infection is using your connection to send or receive data.
    If this happens, stop surfing, close your email software (e.g. Outlook) and try and open Task Manager by pressing the CTRL, ALT and Delete keys at the same time then selecting Task Manager.
    When Task Manager opens, click on the Network tab and see if your PC is using the internet network connection. If it shows more than a few percent usage then this could be further evidence of something using your internet connection without your knowledge.

    Good tip. But I never use more than 1% usage. Should I be worried?


  8. Posts : 2,497
    Windows 7 Pro 64 bit
       #8

    A high level of unexplained Internet activity could mean a malware infection. But the lack of such activity is by no means an indication your system is clean. In years past malware was much simpler and could often be detected by simple means. Those days are gone. Smart malware (and these days most of it is) will use the Internet only for short periods and often mixed in with other activity. A high priority for malware is to never do anything that might arouse suspicion in the user of its presence.

    The bottom line is that there is no simple way to determine that your computer is or is not a member of a botnet. Not anymore. It requires the use of sophisticated tools and the advanced knowledge to use them. And even then there is no guarantee. That is the reality with modern malware.


  9. Posts : 705
    Windows 7 Ultimate x64
    Thread Starter
       #9

    Malware has gotten more diabolically sophisticated.
    I just cleaned off malware with the help of a very knowledgeable fellow here.
    I was thinking I would have to wipe it and re-install it all.

    The bad thing is I was running avast and that did not stop the malware.
    So it is like you never know when it will come back. And there does not seem to be much that runs in real time to stop it?

    I had downloaded some codec packs when trying to get WMC to play mkv and flash files. Maybe that is where it came from. But just a guess, I have no idea. That was 2 months ago and the malware effects hit me this week.
    Some people think their PC is slowed down because it is not powerful enough for today, then get a newer one when they likely have a malware infection instead.


  10. Posts : 10,485
    W7 Pro SP1 64bit
       #10


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.
