# Is there a way to know exactly what a piece of malware does and how to get rid of it?
you get rid of it by making a fresh install
Windows Pro got a developer feature for a simulated Windows sandbox environment, but without code you can just guess what it does
Ok, thanks. Do you know what WMI Provider Host is and why it uses so much CPU?
It used 20% out of nowhere last time I checked (fans were suddenly going on)
WMI is a part of Windows, anything of Win32 is in it
like you install a printer, then you make a new WMI object
Ye ok, but why did it randomly use 20% CPU?
when you request a service from WMI, it will push up WMI's CPU usage, I wouldn't mind if it goes up
No, normally I wouldn't, but I just recovered from some malware so I'm kinda skeptical
there is no "recover" from malware when you didn't fresh install Windows
Why is that? (I did a fresh install but wondering)
a "virus" can do anything, like deleting important files, writing stupid values, getting passwords, anything
So? Resetting Windows or just deleting the malware may work just as well... I just was (and still partially am) so paranoid that I did a clean install
@twilit crag
you can't just "delete" malware
a new fresh install of Windows is the only way of getting rid of it
and most viruses are undetectable as they are for example keyloggers (like TikTok search) which detect all keystrokes and send them to a server somewhere, there they combine the strokes into search results and sell this data to companies, guess how you always get the correct ads
selling > destroying
selling is worth more than encrypting and destroying a user
Doubt "most" viruses are
Nothing is undetectable
Also you didn't give any arguments as to why a piece of malware would survive a system reset, this would only occur if it is in another partition (e.g. Recovery)
create a file in windows.old, then it survives a reset
but seems like you are a professional anyway so you don't need help
Why would it... and also this limits usage due to the file extension
Not trying to offend you in any way btw, I ask these questions since I consider myself everything but a pro lik
Ok...
so what's your problem?
I just wanted to know if there is a way to tell exactly what a piece of malware does
malware is doing bad and destroys the system
like trojans and bitcoin miners
and adware and spyware
and more of it
the file extension has absolutely 0 impact on anything
Doesn't it kinda determine whether the file can be executed or opened?
I mean not malware in general but a specific piece
nope, that behaviour is determined by the flags set on a file
create a new file and delete the .txt from it, then right click and open with editor => you can still write in it
for an OS, anything is a file, even a folder is a file
the extension is just a hint for some programs, like Windows got the setting to open .txt files with the editor, that's just for the program to simplify it for the user
Well yes, but if I change the file extension from e.g. exe to dll the file becomes useless
if you say in PowerShell ". fancyexe.dll" it will run it as a program
it just became "useless" because the program thought that it is a dll and treated it as that
Ik, that is kinda my point
Anyways, I doubt there is that much malware going this far to remain on the system
the virus can copy itself to windows.old, it can do anything
I mean like... It is not the primary objective to keep the host infected
I reinstalled my os though...
reinstall or reset?
Reinstall
oke, then change the passwords as a virus can read the credential manager's generic entries
Why? I reinstalled
yes, but for example Office makes a generic credential to make an "auto login"
but a process without admin privileges can access that credential manager and gather the password in nanoseconds
while you were infected
currently your OS is clean, but it could be that the virus stole your password entries before you made the reinstall
In that case I would have noticed it... I have 2FA on everything
ah oke good, would recommend looking out for unexpected login attempts
I have been for the past 3 weeks lol
I became infected more than a month ago and am still a bit paranoid
and yes the reinstall was mandatory
Depends...
you reinstalled and you got 2FA, nothing can happen anymore
Then it was not mandatory, just optional
Otherwise I would have to live with the thought my device might be infected
if the virus is a keylogger, it won't be detected by any antivirus
Why wouldn't it? Malwarebytes claims to be on the lookout for keyloggers
any program is a keylogger, for example games, they look out for keystroke events if you want to type texts
an antivirus can't detect if the intent is malicious or not
for example the TikTok browser is a keylogger with intent to gather what you search
afaik
Programs in the background, in a currently not selected window, shouldn't be logging keys
bots do that, KeePass (most famous password safe)
You watch a lot of TikTok, don't you?
I'm on 9gag...
so somehow yes
I made a PowerShell script which sends the Windows shortcut Ctrl+Alt+A automatically to KeePass, it's not that hard
My understanding of English is good enough until the point where people started using abbreviations.
Impressive...
for an attacker the hard part is getting triggered, there Malwarebytes could detect malicious software
I think I should switch to Linux tbh... Less risk with malware... But what keeps me on Windows are the games and so much software
did you download the virus?
What virus? The one that got me paranoid?
Yes, and installed it unfortunately
Linux has the same amount of problems but the range of targets is too small, until 2016 you could have unlocked sudo without a password
We live in 2022 now me boy
that's weird, normally Defender scans all downloaded stuff
did you have an antivirus back then?
I had a 3rd party AV
ahh, other antiviruses block Defender
Also the malware was a package installer (most likely)
Which sucks, McAfee is shitty overall, now I'm just using Defender
yup that's good
there are still guys with Windows 7
Tbh, 8 would have been worse
yes, a destroying antivirus couldn't destroy anything on 8 as it's already destroyed without doing anything
Anyways, I should stop being paranoid and take some rest. Agreed?
Fax
nothing can happen anymore, reinstall + password secured, you are safe now
Ok, thanks Joreyk

Win 11 Pro, isn't it?
it simulates a Windows environment, but when you close it, it will delete it
I gotta go now btw
type in "activate windows features"
and search for "windows sandbox"
idk if it's available in Home edition
it came with win10
but needs to be enabled
Probably not rip