Malware Scene Investigator scans your PC for security issues

Martin Brinkmann
May 1, 2013
Updated • May 4, 2013
Security, Windows software

Most Windows users make use of various security related programs on their system to protect it from malware infections and other malicious attacks against their computer system. While there are certainly some that do not use protection at all, it is likely that the majority makes use of a firewall and an antivirus solution at the very least. Experienced users may implement additional programs, like the excellent EMET or on-demand scanners like Dr.Web CureIt or the highly popular Malwarebytes Anti-Malware.

That's still not all that you can do to make sure that your PC is not compromised. Tools like Secunia PSI can scan the system for vulnerabilities, and programs like SUMO or Slim Cleaner make sure all of the software installed on it is up to date.

Malware Scene Investigator falls into the second group of applications. It is an on-demand scanner that tries to detect malware by scanning the system for traces that are often indicative of malicious software. You can use it as a second-opinion scanner.

Requirements: The program runs on all versions of Windows from Windows XP to the very latest version. It does require the Microsoft .Net Framework 4.0 but does not need to be installed on the system before you can run it.

malware scene investigator

Hit the start scan button after the interface shows up on first start to run a scan of the system. It should not take longer than a minute and often even less than that. Note that the program window becomes unresponsive during the scan but does not crash. It will recover once the scan completes and display the results on the report tab that you see on the screenshot above.

You should see the alerts as hints and not as proof that someone or something manipulated your system. It is important to go through each alert to find out more about it. I was able to check several of the items on my system as false positives as soon as the report window was displayed in the program.

A click on the help me with the results link opens a local help file that explains what each alert type means and what you need to do to check it out manually. You can also switch to the detailed log tab for in depth information about each item, including full paths and such, which the main report tab does not always display.

The program scans the following areas:

  • Hosts file modifications
  • Suspicious file detection
  • Enabled proxy server
  • Network access to security websites
  • List of active TCP connections
  • Suspicious disk partition
  • Service state
  • Registry modifications
  • Suspicious startup entries
  • Security risks (e.g. outdated plugins)

Malware Scene Investigator may point you to areas of your system that may have been altered or modified. It requires that you have at least a basic understanding of the Windows operating system so that you can verify the alerts manually on it. It would have been nice if the program would link to the relevant areas directly, e.g. the folder the hosts file is located in so that you can save time going through the list of alerts.


Tutorials & Tips

Previous Post: «
Next Post: «


  1. Dan said on May 2, 2013 at 8:56 pm

    Worked every time on my Windows 7 64 bit with admin priv; it didn’t find anything I/task manager/Emsisoft EK/Malwarebytes/BitDefender/TechMicro/McAfee/Comodo/GMER apps also didn’t find (no false or made-up alerts); it properly called attention even to two malware test files on a USB stick. So far for rme, seems capable of doing what it claims.

  2. sr said on May 2, 2013 at 4:49 am

    Instant crash of the program after clicking Start Scan. Win7 64bit…strange.

    1. PixelWizard said on May 2, 2013 at 9:15 am

      “Note that the program window becomes unresponsive during the scan but does not crash. It will recover once the scan completes and display the results on the report tab that you see on the screenshot above.” –Martin’s text

      On my Vista 32-bit machine it did *look* like a crash (the program window went all-black and Windows indicated it was not responding). But I just waited a few minutes – maybe 2 or 3 – and it did recover as Martin notes, displaying its results.

      Odd – yes. Unusable – no.

      1. sr said on May 2, 2013 at 9:43 am

        Just wanted to post it…it worked with admin-privileges. But it should not crash without them ;).

      2. sr said on May 2, 2013 at 9:27 am

        Nope, it’s instant crash… not the “not responding” thing…I will try at home again.

      3. Martin Brinkmann said on May 2, 2013 at 9:40 am

        Did you run it with elevated privileges?

    2. GodHatesFigs said on May 2, 2013 at 6:16 am

      Fine here on Win7 64bit.

  3. PixelWizard said on May 1, 2013 at 9:06 pm

    That worked well.

    It came up with a few candidates for study. It was simple to copy each filename out of the scan log, search for it in locate32 (or whatever you’ve got) and send it to VirusTotal. In the case of the locate32 search tool, it was a matter of a right-click “Send To” since VirusTotal is in there.

    Easy!! (And all files checked out as safe.)

    Thanks, Martin.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.