| author | Oleksandr Gavenko <gavenkoa@gmail.com> |
| Tue, 15 Dec 2015 23:18:08 +0200 | |
| changeset 1826 | 5c0e92ea4bce |
| parent 1824 | 897d88b927bc |
| child 1828 | 89380c212670 |
| permissions | -rw-r--r-- |
| 1823 | 1 |
.. -*- coding: utf-8 -*- |
2 |
||
3 |
================================= |
|
4 |
Computer viruses and rootckits. |
|
5 |
================================= |
|
6 |
||
7 |
Online virus scaner. |
|
8 |
==================== |
|
9 |
||
10 |
* http://virusscan.jotti.org/ |
|
11 |
* http://www.virustotal.com/ |
|
12 |
* http://virscan.org/ |
|
13 |
||
14 |
Rootkit checker. |
|
15 |
================ |
|
16 |
||
17 |
For Debian:: |
|
18 |
||
19 |
$ sudo apt-get install rkhunter chkrootkit |
|
20 |
||
21 |
$ sudo rkhunter -c |
|
22 |
... |
|
23 |
||
24 |
$ sudo chkrootkit |
|
25 |
... |
|
26 |
||
27 |
.. |
|
28 |
||
29 |
http://www.rootkit.nl/projects/rootkit_hunter.html |
|
30 |
||
|
1824
897d88b927bc
HijackThis, Sysinternals.
Oleksandr Gavenko <gavenkoa@gmail.com>
parents:
1823
diff
changeset
|
31 |
For Windows: |
|
897d88b927bc
HijackThis, Sysinternals.
Oleksandr Gavenko <gavenkoa@gmail.com>
parents:
1823
diff
changeset
|
32 |
|
|
897d88b927bc
HijackThis, Sysinternals.
Oleksandr Gavenko <gavenkoa@gmail.com>
parents:
1823
diff
changeset
|
33 |
* `HijackThis <http://sourceforge.net/projects/hjt/>`_ |
|
897d88b927bc
HijackThis, Sysinternals.
Oleksandr Gavenko <gavenkoa@gmail.com>
parents:
1823
diff
changeset
|
34 |
* `Sysinternals suite <https://technet.microsoft.com/ru-ru/sysinternals/>`_ |
|
897d88b927bc
HijackThis, Sysinternals.
Oleksandr Gavenko <gavenkoa@gmail.com>
parents:
1823
diff
changeset
|
35 |
|
|
897d88b927bc
HijackThis, Sysinternals.
Oleksandr Gavenko <gavenkoa@gmail.com>
parents:
1823
diff
changeset
|
36 |
Use HijackThis to detect malware registration in system. |
|
897d88b927bc
HijackThis, Sysinternals.
Oleksandr Gavenko <gavenkoa@gmail.com>
parents:
1823
diff
changeset
|
37 |
|
| 1826 | 38 |
Use Sysinternals ``procexp.exe`` to find which process lock file and path to |
|
1824
897d88b927bc
HijackThis, Sysinternals.
Oleksandr Gavenko <gavenkoa@gmail.com>
parents:
1823
diff
changeset
|
39 |
executable images for removing unwanted software. |
|
897d88b927bc
HijackThis, Sysinternals.
Oleksandr Gavenko <gavenkoa@gmail.com>
parents:
1823
diff
changeset
|
40 |
|
| 1826 | 41 |
Use ``msconfig.exe`` to investigate startup processes registration. |
42 |
||
| 1823 | 43 |
Antivirus software. |
44 |
=================== |
|
45 |
||
46 |
Debian. |
|
47 |
------- |
|
48 |
||
49 |
ClamAV - anti-virus utility for Unix:: |
|
50 |
||
51 |
$ sudo apt-get install clamav |
|
52 |
||
53 |
Windows. |
|
54 |
-------- |
|
55 |
||
56 |
Free: |
|
57 |
||
58 |
* `Windows Defender |
|
59 |
<http://windows.microsoft.com/en-us/windows/using-defender>`_ |
|
60 |
* `Avast <http://www.avast.com/>`_ - free Antivirus is free only for personal |
|
61 |
and non-commercial use. |
|
62 |
* `Dr.Web CureIt! <https://free.drweb.ru/cureit/>`_ |
|
63 |
* `Free Kaspersky security scan for your PC |
|
64 |
<http://www.kaspersky.com/free-virus-scan>`_ |
|
65 |
* `Kaspersky Virus Removal Tool <www.kaspersky.com/antivirus-removal-tool>`_ |
|
66 |
||
67 |
Nod32 removal. |
|
68 |
~~~~~~~~~~~~~~ |
|
69 |
||
70 |
Disable nod32 services by 'msconfig' utility. |
|
71 |
||
72 |
Remove such keys from registry by 'regedit':: |
|
73 |
||
74 |
HKEY_LOCAL_MACHINE\SOFTWARE\ESET |
|
75 |
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NOD32DRV |
|
76 |
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eamon ==> |
|
77 |
... easdrv easdrv EhttpSrv ekrn epfw Epfwndis epfwtdi |
|
78 |