
A piece of malware is running via process injection question



11 minutes ago, JohnDoe said:

think the question might have been over your head. thanks though

@JohnDoe  Welcome,

The link you were given is the only place that kind of work or even advice on software can be given.

And no, it was not over anyone's head.

That was an uncalled-for response to a proper link.

Edited by Porthos

13 hours ago, Porthos said:

@JohnDoe  Welcome,

The link you were given is the only place that kind of work or even advice on software can be given.

And no, it was not over anyone's head.

That was an uncalled-for response to a proper link.

It wasn't a proper link because it didn't answer my question, nor did it even come close. If I had asked "ohhh noooo I have a virus please help me" then sure. But I didn't. My question has a very specific answer. I can see that it was over your head as well.


16 hours ago, JohnDoe said:

A piece of malware is running on a Windows 7 machine via process injection, so it does not show up in a process list. What remote forensic technique could be used to discover the malware is running under the contents of a specific process?

 

15 hours ago, Porthos said:

The link you were given is the only place that kind of work or even advice on software can be given.

I fully understand. BUT we are NOT ALLOWED by forum policy to assist with malware removal ANYWHERE but in that forum section. NOT even to suggest the program you are looking for.

Please follow the rules and stop making the remarks that we do not know what you're asking for.

Edited by Porthos

  • Root Admin

Hello @JohnDoe

Please remember to have courtesy for others or you will find it difficult in most places to obtain assistance. Either thanking the user and rephrasing or waiting for another reply would be a better option.

Unfortunately, this is not a training facility and we do ask other members not to give specific malware removal advice unless they have training in this area.

https://forums.malwarebytes.org/topic/12264-groups-authorized-to-help-with-malware-removal-logs/

If you wish to track and debug it yourself then you could use Process Explorer which will be able to locate the process.

Thank you

Ron

7 hours ago, Porthos said:

 

I fully understand. BUT we are NOT ALLOWED by forum policy to assist with malware removal ANYWHERE but in that forum section. NOT even to suggest the program you are looking for.

Please follow the rules and stop making the remarks that we do not know what you're asking for.

I rephrased the question for you, I'm not looking to remove the malware, simply find it. Do you know the specific forensic technique I am trying to find?


JohnDoe:

Please realize that this is a Malwarebytes' Product support sub-forum.  Your question is Off Topic.

One of the rules of this forum is malware advice can ONLY be provided by certain Forum Member Groups and assistance in malware removal or detection is limited to only one sub-forum.

FORENSIC TECHNIQUE is not a covered subject matter.  I suggest finding a malware research Forum.


Once again...

"One of the rules of this forum is malware advice can ONLY be provided by certain Forum Member Groups and assistance in malware removal or detection is limited to only one sub-forum."

They are... Trusted Advisors, Experts and Staff.

The objective of this Forum is two-fold.

  • To support the products that Malwarebytes creates
  • To assist the public in dealing with malware.  That includes best practices of prevention.

As a courtesy, there are sub-forums for General Windows computer and networking issues as well as places for members to just communicate.

The Forum is not a research Forum where Forensics is discussed.  You should try Wilders Security Forum.


  • Root Admin

@JohnDoe

I gave you the answer already. If you're unable to locate it using Process Explorer, then there isn't much else out there that is better. There are tools designed to remove it, but you did not ask to remove it; you asked to find it, and Process Explorer can find it except in possible rare cases where there is an onboard rootkit that is aware of Process Explorer and specifically targets the tool to hide from it. I'm not aware of any current infections with that capability, though. A very basic analysis tool is FRST, as you've certainly seen by now in the thousands of posts here and around the world on various other malware removal forums. Process Explorer is not typically suggested to most users, as they don't have the knowledge to use it. I'm assuming you do if you're asking for help in finding it, and yes, it is a forensic tool for analysis. There are other tools, though, that if you're here asking you would not be able to use, as they're designed to do reverse engineering, which without special training most users cannot use.

Thank you

Ron
