Sunday, December 31, 2006

Sysinternals Tutorial Videos on Fighting Malware

Alex Eckelberry of Sunbelt Software beat me to it, but I found these two wonderful tutorial videos a few weeks ago on how to fight malware.

Both are from Mark Russinovich (Microsoft Sysinternals), creator of the slew of must-have free utilities for sysadmins, including three big-boy sticks: Process Explorer, Process Monitor and Autoruns.

His first video, "Advanced Malware Cleaning", walks through how a malware infection takes hold, and then illustrates how to use the Sysinternals tools to clean the system of malware.

The second video, "Advanced Windows Troubleshooting with Sysinternals Process Monitor", is a great introduction to the latest stallion to join the Sysinternals stables: Process Monitor. He guides viewers through the basics of using Process Explorer and how Process Monitor compares to the older Filemon and Regmon tools. Then he moves on to troubleshooting file system and registry issues before looking at processes and threads. Mark concludes with data mining, and saving and logging events.

These tools and techniques are among the foundations I use when approaching and assessing a hostile machine at work. They give a great window into just what is going on. Armed with that knowledge, I can then make a targeted and effective attack on the malware and begin the recovery and sanitization process.

These videos are a great introduction to the power of these tools--from the Master himself!

(System) Locked File Deletion Utilities

Making its debut: Malwarebytes' FileASSASSIN 1.02 (freeware) utility. This is another tool to use in trying to delete locked files from your system.

Other similar tools: Locked Files Wizard (freeware), DelAny (freeware), DelLater (freeware), Unlocker (freeware), WhoLockMe (freeware), Force Delete (freeware), and Killbox (freeware).

I keep all of these tiny apps handy on my sysadmin USB stick...just in case!
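Most of the delete-on-reboot utilities above lean on the same Windows mechanism: MoveFileEx with the MOVEFILE_DELAY_UNTIL_REBOOT flag, which asks Session Manager to delete the file early in the next boot, before the process that holds it open has a chance to start. The script below is an added example (my own PowerShell, not code from any of the tools listed or from the original post) that tries a normal delete first, reports which running processes have the file loaded, and only then queues the delayed delete and verifies the request landed in the registry. The file path in the usage line is a constructed example, and the script assumes it is run from an elevated prompt, which the delayed-delete call requires.

```powershell
# Added example: delete a locked file the way delete-on-reboot utilities do.
# Assumption: run as Administrator (MoveFileEx with DELAY_UNTIL_REBOOT needs it).

$signature = @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern bool MoveFileEx(string lpExistingFileName, string lpNewFileName, uint dwFlags);
'@
$Kernel32 = Add-Type -MemberDefinition $signature -Name 'NativeMethods' -Namespace 'LockedFile' -PassThru

function Remove-LockedFile {
    param([Parameter(Mandatory)][string]$Path)

    $full = [System.IO.Path]::GetFullPath($Path)
    if (-not (Test-Path -LiteralPath $full)) { throw "Not found: $full" }

    # 1. Try the ordinary delete first; only fall back when the file really is locked.
    try {
        Remove-Item -LiteralPath $full -Force -ErrorAction Stop
        Write-Host "Deleted immediately: $full"
        return
    } catch {
        Write-Host "Could not delete now: $($_.Exception.Message)"
    }

    # 2. Show which running processes have the file mapped as a module (DLLs, EXEs).
    #    Reading Modules can throw for protected processes, so swallow those.
    $holders = Get-Process -ErrorAction SilentlyContinue | Where-Object {
        try { $_.Modules.FileName -contains $full } catch { $false }
    }
    foreach ($p in $holders) {
        Write-Host ("Loaded by PID {0} ({1})" -f $p.Id, $p.ProcessName)
    }

    # 3. Queue the delete for the next boot: a null new name plus
    #    MOVEFILE_DELAY_UNTIL_REBOOT (0x4) means "delete at boot".
    $MOVEFILE_DELAY_UNTIL_REBOOT = [uint32]4
    $ok = $Kernel32::MoveFileEx($full, $null, $MOVEFILE_DELAY_UNTIL_REBOOT)
    if (-not $ok) {
        $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "MoveFileEx failed with Win32 error $err (not elevated?)"
    }

    # 4. Verify: the request is recorded in PendingFileRenameOperations
    #    as a "\??\<path>" entry followed by an empty target (meaning delete).
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $pending = (Get-ItemProperty -Path $key).PendingFileRenameOperations
    if ($pending -contains "\??\$full") {
        Write-Host "Queued for deletion at next reboot: $full"
    } else {
        Write-Warning "Entry not found in PendingFileRenameOperations; check manually"
    }
}

# Usage (constructed example path):
# Remove-LockedFile -Path 'C:\Windows\System32\suspect.dll'
```

Two caveats worth keeping in mind. First, if you queue the delete while the process that owns the file is still running, a persistent piece of malware may simply rewrite the file or re-register itself before you reboot, so kill the process and its autostart entries (Autoruns is the tool for that) before queuing the delete. Second, anything can read PendingFileRenameOperations, so it is also a good place to look for files malware has scheduled to rename or remove on the next boot.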

Happy Hunting!

--Claus
