PaulDotCom mailing list archives

Malware analyzing tools?


From: gbugbear at gmail.com (Tim Mugherini)
Date: Fri, 15 May 2009 09:20:58 -0400

Hi There!

All Great tools and advice thus far.

I have a silly question, have you determined why system performance is slow
(i.e. CPU cycles, RAM usage, Memory paging out, Disk Frag, Network
connections - as previously suggested?). Once determined, what process(es) /
services are chewing up resources? I have seen one incorrectly mapped drive or
badly written start-up script smoke a Windows box's performance because the
My Docs directory was pointing to it and every app on Windows points to My
Docs.

Previously mentioned tools like Process Monitor, AutoRuns, and Process
Explorer from Sysinternals can help with this process (pay special attention
to svchost.exe and what is running within it - Google will be your best
friend here).

Also check out this one: http://www.eset.com/download/sysinspector.php
@lennyzeltser posted that on Twitter the other day. I briefly checked it out
but it seemed pretty solid. It will perform an analysis of processes, services,
registry, startup items, etc. on a Windows system and try to identify
probable risks. It generated a few false positives in my case but try and
cross reference it with what is eating up your physical resources. Here is
where the fun begins and you begin to Google and learn what processes and
services should and should not be running and what may be hiding in one of
these legitimate processes.

I hope this helps!

Tim

On Fri, May 15, 2009 at 8:30 AM, Raffi Jamgotchian
<raffi at flossyourmind.com> wrote:

Combofix from bleeping computer is good to run after you run tools.

----
Raffi

On May 14, 2009, at 9:55 PM, infolookup at gmail.com wrote:

In the past I have used hijackthis, malwarebytes, autorun, process
explorer among others.
------Original Message------
From: Subba Rao
Sender: pauldotcom-bounces at mail.pauldotcom.com
To: Pauldotcom
ReplyTo: PaulDotCom Security Weekly Mailing List
Sent: May 14, 2009 9:22 PM
Subject: [Pauldotcom] Malware analyzing tools?

My computer has become really slow recently.  I have been going to
YouTube, Facebook sites a lot.  What worries me is that some malware
got on to my system and causing the slow performance.  I have tried
Mandiant's Red Curtain and it did not find anything.  Are there any
other tools that will look at my files to detect malware?

Thank you in advance for any help.

Subba Rao
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


