Malware analysis & removal
Our systems are receiving new malware samples every minute. What do we do with them? We analyze them, of course.
Those samples are processed with “LogMachines”, where they are run and their behaviour is logged. We use custom-made command-line tools to analyze the samples.

We populate the malware actions into our database.
A third step involves verifying that we are capable of completely removing the malware without damaging the system. Machines are set up to be infected, and then we run our removal tool.

Sometimes the payload from executing the malware changes, or we need to adjust our signatures in order to fully remove, say, a randomly generated malware sample.
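The three steps above (log the sample's behaviour, populate the actions into a database, verify that removal is complete without collateral damage) fit together as a small pipeline. The following is an added example, not the post's own tooling: the log line format, the `sample=` field and the sqlite table are all assumptions standing in for the real LogMachine output and database, and every log line and machine snapshot is constructed for the demo.

```python
import re
import sqlite3

# Constructed behaviour log lines in a hypothetical LogMachine format; the real
# tool's output format is not shown in the post.
SAMPLE_LOG = [
    r"2010-05-03T10:00:01 sample=s1 FILE_CREATE C:\Windows\svchost32.exe",
    r"2010-05-03T10:00:02 sample=s1 REG_SET HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svc32",
    r"2010-05-03T10:00:03 sample=s1 PROC_START C:\Windows\svchost32.exe",
    r"2010-05-03T10:00:04 sample=s1 FILE_CREATE C:\Users\Public\a8f3k.tmp",
    r"malformed line that the parser must skip",
]

LINE_RE = re.compile(r"^(?P<ts>\S+) sample=(?P<sample>\S+) (?P<action>[A-Z_]+) (?P<target>.+)$")

# Logged actions that leave something on disk or in the registry that removal must undo.
PERSISTENT = {"FILE_CREATE": "file", "REG_SET": "reg"}


def parse_log(lines):
    """Turn raw log lines into (ts, sample, action, target) tuples, skipping lines that do not match."""
    actions = []
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue  # one bad line must not lose the whole run
        actions.append((m["ts"], m["sample"], m["action"], m["target"]))
    return actions


def store_actions(conn, actions):
    """Populate the malware-actions table (an in-memory sqlite table stands in for the real database)."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS malware_actions (ts TEXT, sample TEXT, action TEXT, target TEXT)"
    )
    conn.executemany("INSERT INTO malware_actions VALUES (?, ?, ?, ?)", actions)
    conn.commit()


def artifacts_for(conn, sample):
    """Set of (kind, target) pairs the sample dropped or persisted, i.e. what removal must clean."""
    rows = conn.execute(
        "SELECT action, target FROM malware_actions WHERE sample = ?", (sample,)
    )
    return {(PERSISTENT[a], t) for a, t in rows if a in PERSISTENT}


def verify_removal(clean_snapshot, post_removal_snapshot, artifacts):
    """Judge a removal run against two requirements: every artifact is gone (no leftovers)
    and nothing from the clean baseline was deleted (no collateral damage).
    Snapshots are sets of (kind, path) pairs taken from the test machine."""
    leftover = artifacts & post_removal_snapshot
    collateral = clean_snapshot - post_removal_snapshot
    return leftover, collateral


def run_demo():
    """Walk one constructed sample through parse -> store -> removal check."""
    conn = sqlite3.connect(":memory:")
    store_actions(conn, parse_log(SAMPLE_LOG))
    artifacts = artifacts_for(conn, "s1")

    # Constructed machine states: the clean baseline, and the machine after the
    # removal tool ran. In this scenario the tool deleted both dropped files but
    # missed the Run key and, worse, deleted a legitimate system file.
    clean = {("file", r"C:\Windows\explorer.exe"), ("file", r"C:\Windows\notepad.exe")}
    after_removal = {
        ("file", r"C:\Windows\explorer.exe"),
        ("reg", r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svc32"),
    }
    leftover, collateral = verify_removal(clean, after_removal, artifacts)
    return {"artifacts": artifacts, "leftover": leftover, "collateral": collateral}


if __name__ == "__main__":
    result = run_demo()
    status = "PASS" if not result["leftover"] and not result["collateral"] else "FAIL"
    print(status, result)
```

The removal check deliberately compares against two references: the recorded artifact set catches anything the removal tool left behind, and the clean baseline catches anything it should not have touched. Because the artifact set is taken from the log of that particular run, a sample that drops files under randomly generated names is still checked against the paths it actually created, which is the case where a static signature most often needs adjusting.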

We are not using VMware to analyze threats, as malware authors know how to check for a “real” environment. By doing so, we are matching what end users have if they get infected.
by Jerome