Monday, 15 April 2013

Is it infected?

How do you know if a system is infected with malware?

This question is important to journalists, testers and other reviewers of anti-malware software.

The security product may claim to have defeated the threat, but you need to dig into the system with forensic tools to be sure that it actually succeeded.

The following links and notes are intended for the journalists who attended Kaspersky Lab's reviewers workshop this week:
CaptureBAT, to record what a sample changes on a live system (-l writes the log to demo.txt, -n captures network traffic, -c keeps copies of modified and deleted files):

>> CaptureBAT.exe -l demo.txt -n -c

Volatility 2.2 standalone, run against the stuxnet.raw memory image (pslist walks the kernel's list of active processes, psscan carves process structures out of the whole image, and psxview lines up several process-enumeration methods side by side so that a process hidden from one of them shows up as a gap):

>> volatility-2.2.standalone.exe -f stuxnet.raw pslist

>> volatility-2.2.standalone.exe -f stuxnet.raw psscan

>> volatility-2.2.standalone.exe -f stuxnet.raw psxview

Malware Analyst's Handbook (specific page on

Stuxnet analysis
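To show the cross-view idea behind the three Volatility commands above, here is an added example (not code from the post, the workshop or the Volatility project) that parses two constructed listings in Volatility 2.x output style and flags any process the two views disagree on; the process names, PIDs and offsets are made up and are not taken from stuxnet.raw.

```python
"""Cross-view process detection, the idea behind Volatility's psxview.

pslist walks the kernel's linked list of running processes; psscan carves
_EPROCESS structures out of the whole image. A process a rootkit has
unlinked from that list (DKOM hiding) is missing from pslist but still
found by psscan, so a diff of the two views exposes it."""
import re

# Constructed pslist output: processes reachable from the active list.
PSLIST_OUT = """\
Offset(V)  Name                 PID  PPID
---------- ------------------ ----- -----
0x823c89c8 System                 4     0
0x820df020 smss.exe             376     4
0x821a2da0 csrss.exe            600   376
0x81e3fb30 svchost.exe         1032   672
"""

# Constructed psscan output: everything carved from memory. One extra
# process (pid 1588) is present here but absent from pslist.
PSSCAN_OUT = """\
Offset(P)  Name                 PID  PPID
---------- ------------------ ----- -----
0x023c89c8 System                 4     0
0x020df020 smss.exe             376     4
0x021a2da0 csrss.exe            600   376
0x01e3fb30 svchost.exe         1032   672
0x0172a8f0 unlinked.exe        1588  1032
"""

ROW_RE = re.compile(r"^(0x[0-9a-f]+)\s+(\S+)\s+(\d+)\s+(\d+)", re.I)

def parse_listing(text):
    """Map (pid, name) -> offset for each data row of a listing. Offsets
    are virtual in pslist and physical in psscan, so key on pid+name."""
    return {(int(m.group(3)), m.group(2)): m.group(1)
            for m in map(ROW_RE.match, text.splitlines()) if m}

def cross_view(pslist_text, psscan_text):
    """One row per process with a True/False flag per source, like psxview."""
    active, carved = parse_listing(pslist_text), parse_listing(psscan_text)
    return [{"pid": pid, "name": name, "pslist": (pid, name) in active,
             "psscan": (pid, name) in carved}
            for pid, name in sorted(set(active) | set(carved))]

def suspicious(rows):
    """Rows where the views disagree. psscan also finds recently exited
    processes, so a psscan-only hit is a lead to check, not a verdict."""
    return [r for r in rows if r["pslist"] != r["psscan"]]
```

Running suspicious(cross_view(PSLIST_OUT, PSSCAN_OUT)) returns the single row for pid 1588, which is present in the carved view but not in the active list.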