The truth is, after a year of working for clients who were getting hacked by malware and let down by antivirus that could not cope, I went looking for articles under this title. What I found were pieces like https://www.windowscentral.com/do-you-need-pc-antivirus, which basically talk about Microsoft's built-in software and a beefed-up "Windows Defender Offline" tool you can boot from. Does that find the malware I've been fighting? Nope.
One of my work friends was recommending, and rightly so, "Bitdefender", which had worked for years. However, the truth is that Bitdefender, like the leading antivirus programs before it, is used by malware authors for "testing" their malware to make sure it is not detectable. They know you will run all of this, and their "payload" will have been tested against it; consequently it will not necessarily raise a warning. A client of mine recently got reinfected by a link that appeared to be on his bank's domain, but on an odd subdomain, something like secure5.thebankdomain.com (not the actual domain name), followed by a long path. That led to a strange text message, but a day later his computer had executed macros, downloaded the payload, and installed a whole set of fake replacement Microsoft apps that displaced the built-in ones. So yes, we need antivirus software, but right now it's not working. The strategies for detecting compromised files are not working, and this article is quite decent at explaining how, why and where.
I do have my own way of finding malware, but it is based on familiarity with the places it hides and with software in general. I have tools which I can't publish here, because they would simply become part of the testing arsenal of the "malware industry", which is literally an industry, growing exponentially by exploiting weak operating systems and weak security software.
Bitdefender had literally been turned into malware itself, disabled from preventing anything: a zombie. I've seen this before with McAfee and Norton AV in previous years, going back over 10 years. After Bitdefender was removed, the next attack decided to turn my client's Microsoft Office into its malware shelter instead. The software is not even that secretive about its intentions once you start to locate it.
Why did my client hire me? He had used a series of professionals to repair his computer and it remained infected. Not only that, but those people came to disbelieve that anything had happened at all, because they "couldn't find anything". Knowing this is why he hired me, I took every report seriously. I have experience of people "not believing victims" in many other contexts, from sexual abuse to cult abuse and financial abuse: blaming the victim and saying they are crazy or imagining it. So I believed him, and I eventually did the work, much of it on my own time, as research to expose the techniques.
I found PNG files, pointed out by my client, which I believe are installers/executables. They even look like real graphics and are small, but there is no reason for them to appear out of nowhere other than a hacking or malware delivery system saving them to those locations. Temp directories, the desktop, the web cache: wherever the browser or email client stores a file so you can "read it" is likely to call some function that has a vulnerability. Next thing, it has executed and you are infiltrated again. Often the files lie dormant until a secondary or third attack somehow makes use of what was previously saved onto your system.
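One quick way to test the suspicion that a "graphic" is really an executable is to compare the file extension with the file's leading bytes: a genuine PNG starts with an 8-byte signature, while a Windows executable (EXE, DLL, SCR) starts with "MZ". The script below is an added example, not code from the original post or any tool the author mentions; the directory list in the `__main__` block and the two sample files written by `demo()` are constructed assumptions for illustration.

```python
"""
Added example (not part of the original post): flag files whose extension
says "image" but whose first bytes say "Windows PE executable", the kind of
disguised dropper described as turning up in temp, desktop and browser-cache
folders. The scan roots and the sample files in demo() are assumptions.
"""
import os
import tempfile

# Magic numbers worth checking. PNG has a fixed 8-byte signature; PE files
# (EXE/DLL/SCR) begin with the two ASCII bytes "MZ".
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
PE_MAGIC = b"MZ"
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp", ".ico"}


def classify(data: bytes) -> str:
    """Return what the leading bytes of a file claim it is."""
    if data.startswith(PNG_MAGIC):
        return "png"
    if data.startswith(PE_MAGIC):
        return "pe"
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data.startswith(b"GIF8"):
        return "gif"
    return "unknown"


def is_disguised(path: str) -> bool:
    """True when an image-style extension hides a PE header."""
    ext = os.path.splitext(path)[1].lower()
    if ext not in IMAGE_EXTS:
        return False
    with open(path, "rb") as fh:
        head = fh.read(16)
    return classify(head) == "pe"


def scan(roots) -> list:
    """Walk each root and return paths of image-named files with a PE header.
    Unreadable files (permission errors, files vanishing mid-scan) are skipped
    rather than aborting the whole sweep."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    if is_disguised(path):
                        hits.append(path)
                except OSError:
                    continue
    return hits


def demo() -> list:
    """Constructed sample (assumption): one real PNG and one 'PNG' that is
    really a PE stub, written to a fresh temp dir so the example runs offline.
    Returns the base names flagged by scan()."""
    d = tempfile.mkdtemp(prefix="pngcheck_")
    with open(os.path.join(d, "real.png"), "wb") as fh:
        fh.write(PNG_MAGIC + b"\x00" * 32)
    with open(os.path.join(d, "fake.png"), "wb") as fh:
        fh.write(PE_MAGIC + b"\x90\x00\x03\x00" + b"\x00" * 60)
    return [os.path.basename(p) for p in scan([d])]


if __name__ == "__main__":
    # Assumed starting points on a Windows profile; adjust to the machine.
    default_roots = [
        os.path.expandvars(r"%TEMP%"),
        os.path.expandvars(r"%USERPROFILE%\Desktop"),
        os.path.expandvars(r"%LOCALAPPDATA%\Microsoft\Windows\INetCache"),
    ]
    for hit in scan(default_roots):
        print("extension/header mismatch:", hit)
```

This only catches the crude case where the file is an executable renamed with an image extension. A file that really is a valid PNG with a payload appended after the image data, or a payload that a separate loader extracts, will pass this check and needs a proper PNG parser (or simply treating any image in an unexpected location with suspicion, as the post does).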