Malware Scene Investigator is your forensic savior

Your PC is behaving strangely. You think it might have been infected by something, but your regular antivirus tool hasn’t raised an alert. And so you decide to try and investigate the problem yourself.

Figuring out where to begin can be difficult, though. Which drivers should you investigate, which startup programs or processes? If you want to manually search for malware but aren’t sure where to start, then the free Malware Scene Investigator could prove very useful.

The program is a tiny download (500KB), portable and extremely easy to use. Close any running programs, launch Malware Scene Investigator, click Start Scan, and a tabbed interface then displays the results in two forms. Clicking Report provides a quick summary, while the Detailed Log tab gives you a more in-depth view.

The program may be small, but Malware Scene Investigator isn’t short on ambition. The program aims to highlight HOSTS file manipulation, unknown drivers, and dubious proxy settings. It looks for unusual disk partitions, Registry modifications or startup programs. You’ll be warned of executable files in your temporary folders (a common route for malware), and the report includes general information about your PC’s state (open network connections, running processes, scheduled tasks, recently created \Windows\System32 files, and more).

We tested this out on a test PC, and the program generally did very well. It highlighted some active third-party drivers, for instance; picked out an unusual Windows service setting; even warned us about a suspicious startup entry which we had already become concerned about separately. This turned out to be entirely innocent, but it was impressive that, while we had spent some time in identifying this file, Malware Scene Investigator managed to highlight the same executable in around two seconds.

Checking for outdated software was less successful, though, at least in our case. The program claimed that we had an outdated version of Flash installed, but this wasn’t true: it just hadn’t identified our installed Flash version correctly.

Malware Scene Investigator isn’t for novices, then. And you can’t rely 100% on everything it says: the program can only give you pointers as to what you should investigate next.

But, if you are worried a PC has been infected by malware, or just want a general security check, then the program is worth a try, and it certainly deserves a place in your security toolkit.

Photo Credit:  Johan Swanepoel/Shutterstock