Common spots where malware could hide?

Solution 1

It could reside anywhere if the program which planted it was run under an administrative account and granted permissions. Typically you will also find malware in temp folders (e.g. the IE cache), as some are guaranteed to be writeable by default, even for standard users -- a perfect breeding ground for malware.

Solution 2

The most effective second-stage malware, or the ones that cause the most symptoms, are rootkits: kernel-mode drivers, so they're usually hidden in "c:\windows\system32\drivers" or infect the MBR. Use Autoruns to identify them. Often their initial payloads are deployed to Temporary Internet Files or a hidden user directory. Knowing these directories usually doesn't even matter once the system is infected, because they are controlled by the rootkit, and even if you did manage to delete them they would be quickly rewritten elsewhere. I've yet to find effective anti-virus software for removal, so a combo platter: start with a solid Cleanup or Cleaner; run ComboFix from the admin profile in Safe Mode (run as Administrator); and then Sysinternals tools to nitpick out any stragglers.

Solution 3

Malware could be anywhere. From personal experience, I've usually found them in the Program Files folder. If it's a huge worry, you might want to run a scan once every few days. I highly recommend Microsoft Security Essentials: http://www.microsoft.com/security_essentials/

Solution 4

I commonly find them in the user account's Documents and Temp folders, and in the IE Temporary Internet Files folder.

Author by ctzdev

Updated on September 17, 2022

Comments

  • ctzdev
    ctzdev over 1 year

    Let's say I was going to do a full system scan but I want to specify the scanner to look into certain directories.

    What are those directories for Windows XP, Vista, and 7?

    I know the common one is /System32, but what are all the places malware could reside?

    • barlop
      barlop over 13 years
      entries in the registry are relevant to how malware installs itself, and far more relevant if you're asking about where.
    • barlop
      barlop over 13 years
      I'm surprised that somebody with 1600 rep still starts a question saying "Hello" and writes "Thanks" at the end
  • ctzdev
    ctzdev over 13 years
    Ok, that makes sense, but what are the common directories (specifically)?
  • ctzdev
    ctzdev over 13 years
    Thanks, but you know there are those very, very pesky customers who want their computer NOW and a full system scan is not really an option. I would know, because I have tried to convince them countless times with no luck.
  • John T
    John T over 13 years
    @ct6116 that's why most AVs have a "quick scan" option; they will do the dirty work for you. Personally, from a customer perspective, I would feel safer if the tech spent an extra hour or two with my computer rather than 10 minutes, wouldn't you? Try explaining that it is beneficial to them unless they want to be returning their PC again soon.
  • ctzdev
    ctzdev over 13 years
    @John T: I have explained to them every way I could. About your quick scan statement, I usually boot into a LiveCD such as Avira or Kaspersky and they don't have a quick scan option, but rather a full or custom option. My question was what folders I should select for the custom scan option.