Tag Archives: Virustotal

Keep An Eye On Your Internet Ports With Free TCPEye

A network monitor lets you analyze activity on your ports, and it’s a great way to double-check which applications are connecting to the Internet – that’s a prudent practice.

If an application or process is opening ports on your machine, you need to be sure it’s doing so for legitimate reasons – that it’s not malware.

TCPEye is a particularly easy-to-use multi-language freeware network monitoring application, with a host of features. The application allows you to view a list of TCP/IP and UDP ports that are currently in use – including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.

If necessary, you can close a selected connection, and terminate the process using it.

You can use the integrated VirusTotal Uploader to check if a process is legitimate, or malware.

Additional features include – integrated Whois lookup, GeoIP Tool, country flag icons, and more.

Fast facts:

TCPEye displays the list of all currently opened TCP/IP and UDP ports on your local computer.

For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it.

TCPEye allows you to close unwanted TCP connections, kill the process that opened the ports, and save the TCP/UDP port information to an HTML file, an XML file, or a tab-delimited text file.

TCPEye also automatically marks suspicious TCP/UDP ports owned by unidentified applications (Applications without version information and icons).
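
The same port-to-process listing and "no version information" mark can be approximated with built-in PowerShell cmdlets. This is an added example, not TCPEye's code and not from the original article; the function name Get-PortOwnerReport and the verdict strings are made up here, and it needs Windows 8 / Server 2012 or later, where Get-NetTCPConnection and Get-NetUDPEndpoint are available.

```powershell
# Added example (not TCPEye code). Run elevated to see paths of other users' processes.
function Get-PortOwnerReport {
    # Index running processes by PID once, so each endpoint lookup is cheap.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_ }

    # Listening and established TCP endpoints, plus all bound UDP endpoints.
    $endpoints = @()
    $endpoints += Get-NetTCPConnection -State Listen, Established |
        Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, LocalPort, RemoteAddress, RemotePort, OwningProcess
    $endpoints += Get-NetUDPEndpoint |
        Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, LocalPort, OwningProcess

    foreach ($ep in $endpoints) {
        $p    = $procs[[int]$ep.OwningProcess]
        $path = if ($p) { $p.Path } else { $null }
        $info = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path)
        }

        # No readable path is NOT evidence of malware: PID 0/4 and protected
        # processes land here. Only a readable executable that carries neither
        # a product name nor a file description is marked for review.
        $verdict = if (-not $info) {
            'unknown (system process or access denied)'
        } elseif (-not $info.ProductName -and -not $info.FileDescription) {
            'REVIEW: no version information'
        } else {
            'identified'
        }

        [pscustomobject]@{
            Proto   = $ep.Proto
            Local   = '{0}:{1}' -f $ep.LocalAddress, $ep.LocalPort
            Remote  = if ($ep.RemoteAddress) { '{0}:{1}' -f $ep.RemoteAddress, $ep.RemotePort } else { '' }
            PID     = $ep.OwningProcess
            Process = if ($p) { $p.ProcessName } else { '' }
            Product = if ($info) { $info.ProductName } else { '' }
            Path    = $path
            Verdict = $verdict
        }
    }
}

Get-PortOwnerReport | Sort-Object Verdict, Process | Format-Table -AutoSize
```

A "REVIEW" row is a prompt to look closer (check the file's signature, location and hash), not a detection; plenty of legitimate tools ship without version resources.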

System requirements:  Windows 7, Vista, NT, XP, Server 2008

Download at: Download.com

For additional information on port monitoring applications, as well as how to use the Windows Netstat command, check out Who’s Using Your Ports? Find Out With These Free Port Analyzers, on this site.

Note: Steve Gibson’s website, Shields Up, is a terrific source of information where you can test all the ports on your machine, as well as testing the efficiency of your Firewall. Take the Firewall test; you may be surprised at the results!

VTzilla – VirusTotal in Firefox

VirusTotal, an invaluable free service to the Internet community, which utilizes 42 antivirus engines to analyze suspicious files and URLs for all types of malware, recently released a Firefox-only extension – VTzilla.

VTzilla is designed to scan URLs, links, and files (potential downloads) for malware, by employing the installed toolbar, or alternatively, the right click context menu.

Note: You can stop the toolbar from appearing, by making the required adjustment in Firefox’s: View – Toolbars.

Using the toolbar, I’ve plugged in my own site address as an example.

VirusTotal’s report indicates my site is a safe site, and does not contain malware.

Taking it one step further (paranoid common sense), I’ve clicked on “View downloaded file analysis” within the report, which indicates that all 42 engines found no malware. The screen capture below shows only part of the file analysis report.

The following two screen captures illustrate both my request to scan a link on my own site – Tighten Your PC’s Security With Free Encrypt Stick, using VTzilla’s right click context menu, and the “clean” result.

Next, I visited Download.com and set up a download. Before saving the file however, using the right click context menu again, I had VirusTotal perform a scan.

The result indicates a clean file.

A couple of caveats:

Regular VirusTotal users are aware that file size is restricted to 20 MB or less, and this restriction, unfortunately, is still in effect for this new service.

VTzilla is available only as a direct download from the developer’s site at the moment. It should be available from Firefox’s add-on repository, in due course.

First impressions:

Overall, I think this extension has some value. But, it is not a panacea. More and more, if a site is embedded with malware, just visiting the site can trigger a drive-by download. Porn surfers particularly need to take note of this.

System requirements: Firefox 1.5 – 3+

Download at: the developer’s site.

Malware Removal Tips – Experience From the Trenches

Guest writer Mark Schneider gives you the best advice you’ll ever get on malware removal – “when it comes to malware removal, use a shotgun – not a rifle”.

Cleaning an infected computer is a challenge. Unfortunately, malware writers are talented, and that translates into real trouble if your machine gets infected.

Many computers ship with large all-in-one security suites. These all-in-one programs look good on a checklist comparison in PC Magazine, but I prefer to use a variety of free programs from different vendors, each using a slightly different method of cleaning a machine, which gives you the best chance of finding all the bad files.

Recently, I had to deal with a Lenovo Thinkpad my daughter had been using – the laptop is a spare machine I use only occasionally, and had just been given a clean install of Windows XP.

After my daughter had finished using it, I did a routine scan using Malwarebytes, a very good free anti-spyware program. The initial scan found 15 infections, including some Rootkits, which can be very difficult to remove. Malwarebytes told me I needed to reboot the computer to finish the removal. I complied and rescanned.

Same results, same Trojans, same Rootkits, so I scanned with Microsoft’s Security Essentials, a new free anti-virus Microsoft recently released. Security Essentials found nothing at all, so I tried a new (to me) website, virustotal.com.

Virustotal allows you to upload suspicious files to scan to determine if they are a threat or, possibly, a false positive. I uploaded the file that was showing up the most frequently on the quick scans. Virustotal scans the file using over 40 different malware removal engines. Only one engine, McAfee Virus scan, found the file to be suspicious, so I was beginning to think I might have a false positive. But, the fact that the file kept reappearing was very suspicious. Now I needed to get serious.

The next step was to run CCleaner, a very good registry and temporary file cleaner. CCleaner will make virus scans faster, and may delete files that are allowing a possible payload to reload when you restart the computer.

After using CCleaner, I installed Superantispyware Free, a program that I always install as one of my primary tools to combat spyware. The fact that this computer was a fresh rebuild was the only reason I hadn’t installed it yet.

Installing and running Superantispyware goes very fast – it’s a great program that is the favorite of many computer technicians. Super lived up to its reputation, and found a number of problems, including one Trojan with multiple registry entries.

Rebooting the machine after Superantispyware ran finally yielded some results. Additional scans from Superantispyware and Malwarebytes came up clean.

My next test is to run HijackThis. HijackThis is a very powerful tool which must be handled with care. Installing HijackThis is simple; using it effectively is another story. The best method, for most people, is to run HijackThis and create a log file. Next, post this file to a web site where experts can parse your results and determine if you still have any suspicious files.

My preferred site is HijackThis.de – the site is primarily in German, but don’t let that deter you. They have a scanner which will scan your log file in real time and give you a good idea, right away, if HijackThis has found anything.

If you have run, and re-run your scanning tools, run a HijackThis, and everything comes up looking okay, you’re probably malware free. But for the next few reboots, you should continue to make sure your anti-malware programs are up to date, and keep rescanning periodically.

Most malware these days wants to hide in the background. You may be infected and never know your machine is stealing your passwords, and draining your bank account. So stay safe, keep your data backed up, and if you get infected, use as many tools as it takes to get secure again.

This is a guest post by Mark Schneider of the Techwalker Blog, who brings a background as a high level techie, to the blogging world.

Why not pay a visit to Mark’s site today.
