
How to tell if a program is malicious?

Statik
Solved by Nathanpete

Hey all,

 

So I'm scrolling through my task manager just seeing what's all running on my laptop, and I've come across a few things that I don't exactly know what they are. Malwarebytes, Windows Defender, and Superantispyware all show some of them as clean, but is there a way to verify? For instance I have a program called "SHA1:0x608020e9" and opening the file location it's "Intel_PIE_Service.exe" in a folder in my System32 File Repository folder.

 

How do I verify things like this, and verify I don't have any sneaky malware/cryptominers, etc?

Gaming Build:

CPU: Ryzen 7 3800x | GPU: Asus ROG STRIX 2080 SUPER Advanced (2115MHz Core | 9251MHz Memory) | Motherboard: Asus X570 TUF GAMING-PLUS | RAM: G.Skill Ripjaws DDR4 3600MHz 16GB | PSU: Corsair RM850x | Storage: 1TB ADATA XPG SX8200 Pro, 250GB Samsung 840 Evo, 500GB Samsung 840 Evo | Cooler: Corsair H115i Pro XT | Case: Lian Li PC-O11

 

Peripherals:

Monitor: LG 34GK950F  |  Sound: Sennheiser HD 598  |  Mic: Blue Yeti  |  Keyboard: Corsair K95 RGB Platinum  |  Mouse: Logitech G502

 

Laptop:

Asus ROG Zephyrus G15

Ryzen 7 4800HS, GTX 1660 Ti, 16GB DDR4 3200MHz, 512GB NVMe, 144Hz

 

NAS:

QNAP TS-451

6TB Ironwolf Pro

 

 


1 minute ago, Statik said:

How do I verify things like this, and verify I don't have any sneaky malware/cryptominers, etc?

VirusTotal is probably the closest thing to what you're asking about

"We're all in this together, might as well be friends" Tom, Toonami.

 

mini eLiXiVy: my open source 65% mechanical PCB, a build log, PCB anatomy and discussing open source licenses: https://linustechtips.com/topic/1366493-elixivy-a-65-mechanical-keyboard-build-log-pcb-anatomy-and-how-i-open-sourced-this-project/

 

mini_cardboard: a 4% keyboard build log and how keyboards work: https://linustechtips.com/topic/1328547-mini_cardboard-a-4-keyboard-build-log-and-how-keyboards-work/


2 minutes ago, minibois said:

VirusTotal is probably the closest thing to what you're asking about

So if a file comes up good there chances are it's good?

 

Just because upon googling "Intel PIE Service" there's a few hits for Cryptominer/spyware, but nothing pops it. It's also been on my computer since May which is right around the time when I picked up my laptop, and it saw very little use until July.


Just now, Statik said:

So if a file comes up good there chances are it's good?

 

Just because upon googling "Intel PIE Service" there's a few hits for Cryptominer/spyware, but nothing pops it. It's also been on my computer since May which is right around the time when I picked up my laptop, and it saw very little use until July.

I am not sure how the virus scanners in VirusTotal do their thing, but it would be pretty naive of them to just simply assume "bad name = bad program".

It's entirely possible it's a real program, just with virus impersonations for it.


VirusTotal allows you to upload the files to their website where a server on their end will scan the files using various anti-viruses and then their own custom tools to determine what kind of malware the program could hold. Very new (like under 2-3 days old) viruses won't get detected, but you have had this thing since May, so if it is malicious it is 100% in the VirusTotal database.

Fuck you scalpers, fuck you scammers, fuck all of you jerks that charge way too much to tech-illiterate people. 

Unless I say I am speaking from experience or can confirm my expertise, assume it is an educated guess.

Current setup: Ryzen 5 3600, MSI MPG B550, 2x8GB DDR4-3200, RX 5600 XT (+120 core, +320 Mem), 1TB WD SN550, 1TB Team MP33, 2TB Seagate Barracuda Compute, 500GB Samsung 860 Evo, Corsair 4000D Airflow, 650W 80+ Gold. Razer peripherals. 

Also have an Alienware Alpha R1: i3-4170T, GTX 860M (≈ a 750 Ti). 2x4GB DDR3L-1600, Crucial MX500

My past and current projects: VR Flight Sim: https://pcpartpicker.com/user/nathanpete/saved/#view=dG38Jx (Done!)

A do it all server for educational use: https://pcpartpicker.com/user/nathanpete/saved/#view=vmmNcf (Cancelled)

Replacement of my friend's PC nicknamed Donkey, going from 2nd gen i5 to Zen+ R5: https://pcpartpicker.com/user/nathanpete/saved/#view=WmsW4D (Done!)
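A way to check a process like the one in the question before (or instead of) uploading anything, as an added example in PowerShell that is not code from any poster in this thread. It assumes you pass the process name as Task Manager shows it; the VirusTotal link built at the end is a hash lookup in their public web UI, so nothing from your disk is sent.

```powershell
# Added example: triage a running process by the file it was started from.
# Default is the name from the question; pass -ProcessName for anything else.
param([string]$ProcessName = 'Intel_PIE_Service')

$procs = Get-Process -Name $ProcessName -ErrorAction SilentlyContinue
if (-not $procs) { Write-Host "No running process named $ProcessName"; return }

foreach ($p in $procs) {
    if (-not $p.Path) {
        Write-Host "PID $($p.Id): image path not readable (run elevated)"
        continue
    }
    $file = Get-Item -LiteralPath $p.Path

    # 1. Hash the exact file on disk. Searching VirusTotal by hash returns the
    #    existing verdict for that file without uploading it.
    $sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # 2. Authenticode: a Valid signature chained to the vendor the file claims
    #    to come from is far stronger evidence than the file name or folder.
    $sig    = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }

    [PSCustomObject]@{
        PID        = $p.Id
        Path       = $file.FullName
        Company    = $file.VersionInfo.CompanyName   # what the file says about itself
        Product    = $file.VersionInfo.ProductName
        SigStatus  = $sig.Status                     # Valid / NotSigned / HashMismatch ...
        Signer     = $signer                         # who actually signed it
        SHA256     = $sha256
        VirusTotal = "https://www.virustotal.com/gui/file/$($sha256.ToLower())"
    } | Format-List

    # Things worth a closer look: NotSigned or HashMismatch, a signer that does
    # not match CompanyName, or a path outside where that vendor normally installs.
    if ($sig.Status -ne 'Valid') {
        Write-Warning "PID $($p.Id): signature status is $($sig.Status)"
    }
}
```

A clean VirusTotal result for a hash that was first seen months ago, combined with a valid vendor signature, is the combination the answers above are pointing at; a valid signature from a company other than the one in CompanyName is the case where the "bad name = bad program" shortcut fails in the other direction.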


4 minutes ago, minibois said:

I am not sure how the virus scanners in VirusTotal do their thing, but it would be pretty naive from them to just simply assume "bad name = bad program".

It's entirely possible it's a real program, just with virus impersonations for it.

They basically send your file through a pipeline of malware and virus scanners.


Yo, so I have the same exact problem. I have a ROG Zephyrus. Since we have the same program, I doubt it should be a program, because I too saw very little activity. At the same time, I too agree that I got it very recently. So, this shouldn't be an issue!
