I asked a question today on security.stackexchange.com

"Hijacked certificate and Remote Login. Office computer compromised with a virus?", which is a question about a suspicious program named PROGRAM.

I'd like to learn as much about this program as I can. When I try to get properties from this program, it's greyed out.

Screenshot of PROGRAM on Task Manager

How can I gather more info about this program so I can better formulate a question on security.stackexchange?

What methods can be used to learn about a program and what it does?

Windows 10

UPDATE: I took the hard drive out of the computer and mounted it externally on a different computer. I've run a targeted scan with Avast antivirus and it says there are no viruses. This makes me very nervous because there is obviously a virus on the computer.

1 Answer

It is probably an empty registry key in the Windows start-up "run" registry key. You can check in regedit and possibly delete it at [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

There should be a similar key under the HKEY_LOCAL_MACHINE branch.

You can use autoruns to find out exactly where this item is listed to start-up and what it is pointing at, if it is indeed trying to run anything.

  • It's definitely trying to do something malicious with remote login. I'll try this out and let you know what I find, thanks. Commented Apr 12, 2018 at 14:59
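The answer above points at the HKCU and HKLM "Run" keys and at Autoruns. The script below is an added example, not code from the question, the answer or Sysinternals: it walks those keys (plus RunOnce and the WOW6432Node variant, which the answer does not mention) and, for each entry, reports the command, whether the value is empty or points at a file that no longer exists, the SHA-256 of the target and its Authenticode signature status. Those are the facts you would want in hand before asking about an unknown autostart entry. The key list and the EMPTY/MISSING-FILE labels are this example's own choices.

```powershell
# Added example: inventory the Windows "Run" autostart registry keys and
# flag suspicious entries. Run from an elevated PowerShell session on the
# machine under examination (HKLM keys are not fully readable otherwise).

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-AutorunEntries {
    param([string[]]$Keys)

    foreach ($key in $Keys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key

        foreach ($name in $item.GetValueNames()) {
            $value = [string]$item.GetValue($name)

            # Best-effort extraction of the executable from the command line:
            # a quoted path, otherwise the first whitespace-delimited token.
            $exe = $null
            if ($value -match '^"([^"]+)"')  { $exe = $Matches[1] }
            elseif ($value -match '^(\S+)')  { $exe = $Matches[1] }
            if ($exe) { $exe = [Environment]::ExpandEnvironmentVariables($exe) }

            $exists = $exe -and (Test-Path -LiteralPath $exe)

            # Status labels are this example's own convention.
            $status = if ([string]::IsNullOrWhiteSpace($value)) { 'EMPTY' }
                      elseif (-not $exists)                      { 'MISSING-FILE' }
                      else                                       { 'ok' }

            $hash = $null; $sig = $null; $signer = $null
            if ($exists) {
                $hash   = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
                $auth   = Get-AuthenticodeSignature -FilePath $exe
                $sig    = $auth.Status            # Valid, NotSigned, HashMismatch, ...
                $signer = $auth.SignerCertificate.Subject
            }

            [pscustomobject]@{
                Key       = $key
                Name      = $name
                Command   = $value
                Status    = $status
                SHA256    = $hash
                Signature = $sig
                Signer    = $signer
            }
        }
    }
}

# Print everything, then list only the entries worth a closer look.
$entries = Get-AutorunEntries -Keys $runKeys
$entries | Format-Table Key, Name, Command, Status, Signature -AutoSize -Wrap

"`n--- Entries to investigate ---"
$entries | Where-Object { $_.Status -ne 'ok' -or $_.Signature -ne 'Valid' } |
    Format-List Key, Name, Command, Status, SHA256, Signature, Signer
```

An entry whose value is empty (the case the answer describes) shows up as EMPTY with no file, hash or signature; an entry that names a real file gives you a SHA-256 you can look up and a signer you can compare against the vendor you expect. Autoruns covers far more autostart locations (services, scheduled tasks, WMI subscriptions, shell extensions), so treat this as a first pass over the two keys the answer mentions, not a replacement for it.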
