Signature Verification
We will run sigverif, a signature verification checker, and compare the results to the currently running processes in Task Manager:
1. Press Ctrl+Alt+Del and select Start Task Manager.
2. Click the Processes tab. Note any unusual processes and the amount of CPU time they are using. Any processes using a consistently high percentage of CPU time may indicate a virus or Trojan infection.
3. Click the Performance tab in Task Manager to view the current CPU usage.
4. Click Start > Run.
5. Type sigverif, and click Start.
6. In the sigverif program, choose Advanced to see the signature verification report.
7. Click the View Log button to see the report.
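
The comparison in steps 1 to 7 can also be scripted. The following PowerShell is an added example, not part of the original post: it checks the Authenticode signature of each running process's executable and lists the ones that do not verify, busiest first. The `$outFile` name and location are assumptions made for this example.

```powershell
# Added example: Authenticode status of every running process image.
# Run elevated so that more process paths are readable.
# $outFile is a hypothetical output location chosen for this example.
$outFile = Join-Path $env:TEMP 'process-signatures.csv'

$report = Get-Process |
    Where-Object { $_.Path } |              # some system processes expose no path
    Group-Object -Property Path |           # one signature check per executable
    ForEach-Object {
        $group = $_
        $path  = $group.Name
        $sig   = Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue

        # CPU is $null for processes we cannot query; add up what is available.
        $cpu = 0.0
        foreach ($p in $group.Group) {
            if ($null -ne $p.CPU) { $cpu += $p.CPU }
        }

        [pscustomobject]@{
            Process    = $group.Group[0].ProcessName
            Instances  = $group.Count
            CpuSeconds = [math]::Round($cpu, 1)
            Status     = if ($sig) { [string]$sig.Status } else { 'Unreadable' }
            Signer     = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Path       = $path
        }
    }

# Processes whose image does not carry a valid signature, highest CPU first.
# An unsigned file is not proof of infection; it is a candidate for a closer look.
$report |
    Where-Object { $_.Status -ne 'Valid' } |
    Sort-Object -Property CpuSeconds -Descending |
    Format-Table -Property Process, Instances, CpuSeconds, Status, Path -AutoSize -Wrap

# Full list, to set beside the sigverif log and the Task Manager view.
$report |
    Sort-Object -Property CpuSeconds -Descending |
    Export-Csv -Path $outFile -NoTypeInformation
Write-Output "Full report written to $outFile"
```
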
System File Checker is another command line–based tool used to check whether a Trojan program has replaced files. If System File Checker detects that a file has been overwritten, it retrieves a known good file from the Windows\system32\dllcache folder and overwrites the unverified file. The command to run the System File Checker is sfc /scannow.