Malware Scene Investigator scans your PC for security issues - gHacks Tech News

Most Windows users make use of various security related programs on their system to protect it from malware infections and other malicious attacks against their computer system. While there are certainly some that do not use protection at all, it is likely that the majority makes use of a firewall and an antivirus solution at the very least. Experienced users may implement additional programs, like the excellent EMET or on-demand scanners like Dr.Web CureIt or the highly popular Malwarebytes Anti-Malware.

That's still not all that you can do to make sure that your PC is not compromised. Tools like Secunia PSI can scan the system for vulnerabilities, and programs like SUMO or Slim Cleaner make sure all of the software installed on it is up to date.

Malware Scene Investigator falls into the second group of applications. It is an on-demand scanner that tries to detect malware by scanning the system for traces that are often indicative of malicious software. You can use it as a second-opinion scanner.

Requirements: The program runs on all versions of Windows from Windows XP to the very latest version. It requires the Microsoft .NET Framework 4.0, but the program itself does not need to be installed on the system before you can run it.

[Screenshot: Malware Scene Investigator]

Hit the start scan button after the interface shows up on first start to run a scan of the system. It should not take longer than a minute and often even less than that. Note that the program window becomes unresponsive during the scan but does not crash. It will recover once the scan completes and display the results on the report tab that you see on the screenshot above.

You should see the alerts as hints and not as proof that someone or something manipulated your system. It is important to go through each alert to find out more about it. I was able to check several of the items on my system as false positives as soon as the report window was displayed in the program.

A click on the "help me with the results" link opens a local help file that explains what each alert type means and what you need to do to check it out manually. You can also switch to the detailed log tab for in-depth information about each item, including full paths, which the main report tab does not always display.

The program scans the following areas:

  • Hosts file modifications
  • Suspicious file detection
  • Enabled proxy server
  • Network access to security websites
  • List of active TCP connections
  • Suspicious disk partition
  • Service state
  • Registry modifications
  • Suspicious startup entries
  • Security risks (e.g. outdated plugins)

Malware Scene Investigator may point you to areas of your system that may have been altered or modified. It requires at least a basic understanding of the Windows operating system so that you can verify the alerts manually. It would have been nice if the program linked to the relevant areas directly, e.g. the folder the hosts file is located in, so that you can save time going through the list of alerts.
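
As an added example (not part of the original article and not Malware Scene Investigator's own code), this Python script shows one way to verify a hosts file alert by hand: it parses hosts-file text and classifies every non-default entry as blocked or redirected. The watchlist domains and the sample file are constructed placeholders; on Windows the real file is `%SystemRoot%\System32\drivers\etc\hosts`.

```python
import ipaddress

DEFAULT_NAMES = {"localhost"}   # names a stock hosts file maps to loopback
# Hypothetical watchlist: replace with the domains of your own security tools.
WATCHLIST = ("av-vendor.example", "scanner.example")


def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()      # strip comment, tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # first field is not an IP
        for name in fields[1:]:                    # one line may map many names
            yield line_no, ip, name.lower().rstrip(".")


def triage_hosts(text, watchlist=WATCHLIST):
    """Return (line_no, hostname, ip, verdict) for each non-default entry."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        sink = ip.is_loopback or ip.is_unspecified  # 127.0.0.1, ::1, 0.0.0.0
        if sink and name in DEFAULT_NAMES:
            continue                                # stock entry, nothing to do
        watched = any(name == d or name.endswith("." + d) for d in watchlist)
        verdict = "blocked" if sink else "redirected"
        if watched:
            verdict = "security-site-" + verdict    # highest priority to review
        findings.append((line_no, name, str(ip), verdict))
    return findings


# Constructed sample, not taken from a real system.
SAMPLE = """\
# constructed hosts file for the example
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example      # user's own ad blocking
127.0.0.1       update.av-vendor.example
203.0.113.7     www.scanner.example scanner.example
192.168.1.20    nas.home.example
"""

if __name__ == "__main__":
    for finding in triage_hosts(SAMPLE):
        print(finding)
```

Plain `blocked` and `redirected` entries are frequently the user's own ad-blocking or home-network mappings, so they need the same manual review the article recommends for every alert.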





    Comments

    1. PixelWizard said on May 1, 2013 at 9:06 pm

      That worked well.

      It came up with a few candidates for study. It was simple to copy each filename out of the scan log, search for it in locate32 (or whatever you’ve got) and send it to VirusTotal. In the case of the locate32 search tool, it was a matter of a right-click “Send To” since VirusTotal is in there.

      Easy!! (And all files checked out as safe.)

      Thanks, Martin.

    2. sr said on May 2, 2013 at 4:49 am

      Instant crash of the program after clicking Start Scan. Win7 64bit…strange.

      1. GodHatesFigs said on May 2, 2013 at 6:16 am

        Fine here on Win7 64bit.

      2. PixelWizard said on May 2, 2013 at 9:15 am

        “Note that the program window becomes unresponsive during the scan but does not crash. It will recover once the scan completes and display the results on the report tab that you see on the screenshot above.” –Martin’s text

        On my Vista 32-bit machine it did *look* like a crash (the program window went all-black and Windows indicated it was not responding). But I just waited a few minutes – maybe 2 or 3 – and it did recover as Martin notes, displaying its results.

        Odd – yes. Unusable – no.

        1. sr said on May 2, 2013 at 9:27 am

          Nope, it’s instant crash… not the “not responding” thing…I will try at home again.

        2. Martin Brinkmann said on May 2, 2013 at 9:40 am

          Did you run it with elevated privileges?

        3. sr said on May 2, 2013 at 9:43 am

          Just wanted to post it…it worked with admin-privileges. But it should not crash without them ;).

    3. Dan said on May 2, 2013 at 8:56 pm

      Worked every time on my Windows 7 64 bit with admin priv; it didn’t find anything I/task manager/Emsisoft EK/Malwarebytes/BitDefender/TechMicro/McAfee/Comodo/GMER apps also didn’t find (no false or made-up alerts); it properly called attention even to two malware test files on a USB stick. So far for me, seems capable of doing what it claims.
