eradicating-malware-from-infected-systems


Systematically remove malware, backdoors, and attacker persistence mechanisms from infected systems while ensuring complete eradication and preventing re-infection.

Category: AI & Automation · 12,642 stars · 1,468 forks · Updated today · License: Apache-2.0


Quality Score: 99/100
  Stars (20%): 100
  Recency (20%): 100
  Frontmatter (20%): 70
  Documentation (15%): 100
  Issue Health (10%): 50
  License (10%): 100
  Description (5%): 100

Skill Content

# Eradicating Malware from Infected Systems

## When to Use

- Malware infection confirmed and containment is in place
- Forensic investigation has identified all persistence mechanisms
- All compromised systems have been identified and scoped
- Ready to remove attacker artifacts and restore a clean state
- Post-containment phase requires systematic cleanup

## Prerequisites

- Completed forensic analysis identifying all malware artifacts
- List of all compromised systems and accounts
- EDR/AV with updated signatures deployed
- YARA rules for the specific malware family
- Clean system images or verified backups for restoration
- Network isolation still in effect during eradication

## Workflow

### Step 1: Map All Persistence Mechanisms

```powershell
# Windows - check all known persistence locations (run from an elevated PowerShell;
# the Get-WMIObject calls below are PowerShell cmdlets, not shell commands)

# Autoruns (Sysinternals) - comprehensive autostart enumeration
# -a * all categories, -c CSV output, -h file hashes, -s verify signatures,
# -v VirusTotal hash lookup. -v needs outbound network access, so on a host that is
# still network-isolated drop it and check the hashes from the report afterwards.
autorunsc.exe -accepteula -a * -c -h -s -v > autoruns_report.csv

# Registry Run keys
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /s
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" /s
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run" /s

# Scheduled tasks
schtasks /query /fo CSV /v > schtasks_all.csv

# WMI event subscriptions (filter, consumer and the binding that ties them together)
Get-WMIObject -Namespace root\Subscription -Class __EventFilter
Get-WMIObject -Namespace root\Subscription -Class CommandLineEventConsumer
Get-WMIObject -Namespace root\Su...
```

Details
Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0

Similar Skills

Semantically similar based on skill content, not just the same category. All are by mukul975 in the same repository (AI & Automation, Featured).

- performing-malware-persistence-investigation: Systematically investigate all persistence mechanisms on Windows and Linux systems to identify how malware survives reboots and maintains access.
- hunting-for-persistence-mechanisms-in-windows: Systematically hunt for adversary persistence mechanisms across Windows endpoints including registry, services, startup folders, and WMI subscriptions.
- conducting-malware-incident-response: Responds to malware infections across enterprise endpoints by identifying the malware family, determining infection vectors, assessing spread, and executing eradication procedures. Covers the full lifecycle from detection through containment, analysis, removal, and recovery. Activates for requests involving malware response, malware eradication, trojan removal, worm containment, malware triage, or infected endpoint remediation.
- analyzing-malware-persistence-with-autoruns: Use Sysinternals Autoruns to systematically identify and analyze malware persistence mechanisms across registry keys, scheduled tasks, services, drivers, and startup locations on Windows systems.
- detecting-fileless-malware-techniques: Detects and analyzes fileless malware that operates entirely in memory using PowerShell, WMI, .NET reflection, registry-resident payloads, and living-off-the-land binaries (LOLBins) without writing traditional executable files to disk. Activates for requests involving fileless threat detection, in-memory malware investigation, LOLBin abuse analysis, or WMI persistence examination.