author | Oleksandr Gavenko <gavenkoa@gmail.com>
date | Mon, 22 Feb 2016 13:34:55 +0200
changeset 1911 | 870693ce6ff0
parent 1828 | 89380c212670
child 1912 | 8b81a8f0f692
permissions | -rw-r--r--
description | Fix my RST article style by 'check-format-policy' target.

.. -*- coding: utf-8; -*-

.. include:: HEADER.rst

=================================
Computer viruses and rootkits.
=================================
.. contents::
   :local:

Online virus scanner.
=====================

* http://virusscan.jotti.org/
* http://www.virustotal.com/
* http://virscan.org/

Rootkit checker.
================

For Debian::

  $ sudo apt-get install rkhunter chkrootkit

  $ sudo rkhunter -c
  ...

  $ sudo chkrootkit
  ...

..

http://www.rootkit.nl/projects/rootkit_hunter.html

For Windows just use the `Sysinternals suite
<https://technet.microsoft.com/ru-ru/sysinternals/>`_. There are two tools which
help a lot:

* ``procexp.exe`` to find which process locks a file, and the path to its
  executable image, when removing unwanted software.
* ``autoruns.exe`` to find program and service registrations.

Also you may use the less powerful but built-in ``msconfig.exe`` to investigate
startup process registration.

HijackThis.
-----------

Works nicely on 32-bit Windows, but fails to handle paths properly on 64-bit.

Autoruns from Sysinternals surpasses HijackThis in quality and number of
detected places.

http://sourceforge.net/projects/hjt/
  Home page.
https://en.wikipedia.org/wiki/HijackThis
  Wiki page.

GMER.
-----

Lists processes, services and autostarts, and scans for rootkits or 3rd party
file registration.

Under Windows 10 x64 it causes a reboot due to a write to read-only memory.

http://www.gmer.net/
  Home page.
https://en.wikipedia.org/wiki/GMER
  Wiki page.

Antivirus software.
===================

Debian.
-------

ClamAV - anti-virus utility for Unix::

  $ sudo apt-get install clamav

Windows.
--------

Free active antivirus:

* `Windows Defender
  <http://windows.microsoft.com/en-us/windows/using-defender>`_
* `Avast <http://www.avast.com/>`_ - Avast Free Antivirus is free only for
  personal and non-commercial use.

Free one time scan antivirus:

* `Dr.Web CureIt! <https://free.drweb.ru/cureit/>`_
* `Free Kaspersky security scan for your PC
  <http://www.kaspersky.com/free-virus-scan>`_
* `Kaspersky Virus Removal Tool <http://www.kaspersky.com/antivirus-removal-tool>`_
* `ESET SysInspector <http://www.eset.com/int/support/sysinspector/>`_.

Nod32 removal.
~~~~~~~~~~~~~~

Disable the NOD32 services with the ``msconfig`` utility.

Remove the following keys from the registry with ``regedit``::

  HKEY_LOCAL_MACHINE\SOFTWARE\ESET
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NOD32DRV
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eamon ==>
  ... easdrv easdrv EhttpSrv ekrn epfw Epfwndis epfwtdi
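Before deleting service keys by hand it is worth checking which of them still exist, whether the service is already disabled, and whether its driver or executable is still on disk. The following PowerShell script is an added example and not part of the original notes: it is a read-only audit of the keys and service names listed above, assumes an elevated prompt, and ``Resolve-ImagePath`` and ``Get-EsetLeftovers`` are helper names made up for this example.

```powershell
# Added example, not from the original notes: read-only audit of the
# ESET/NOD32 registry locations listed above. Run from an elevated prompt.

# Service and driver names as listed in the notes above.
$EsetServices = 'eamon', 'easdrv', 'EhttpSrv', 'ekrn', 'epfw', 'Epfwndis', 'epfwtdi'
# Other leftover keys from the notes.
$EsetKeys = 'HKLM:\SOFTWARE\ESET',
            'HKLM:\SYSTEM\ControlSet001\Enum\Root\LEGACY_NOD32DRV'

# Turn a service ImagePath value into an absolute file path that Test-Path accepts.
function Resolve-ImagePath([string]$ImagePath) {
    $p = $ImagePath.Trim()
    if ($p -match '^"([^"]+)"') { $p = $Matches[1] }                 # quoted path, drop arguments
    elseif ($p -match '^(\S+\.(exe|sys))') { $p = $Matches[1] }      # unquoted path, drop arguments
    $p = $p -replace '^\\\?\?\\', ''                                 # \??\C:\... -> C:\...
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"           # \SystemRoot\... -> C:\Windows\...
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # system32\drivers\x.sys
    return $p
}

function Get-EsetLeftovers {
    foreach ($key in $EsetKeys) {
        [pscustomobject]@{ Kind = 'Key'; Name = $key; Exists = (Test-Path -LiteralPath $key)
                           Start = $null; ImagePath = $null; FileOnDisk = $null }
    }
    foreach ($svc in $EsetServices) {
        $path = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        $row = [ordered]@{ Kind = 'Service'; Name = $svc; Exists = (Test-Path -LiteralPath $path)
                           Start = $null; ImagePath = $null; FileOnDisk = $null }
        if ($row.Exists) {
            $props = Get-ItemProperty -LiteralPath $path
            $row.Start = $props.Start            # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
            $row.ImagePath = $props.ImagePath
            if ($props.ImagePath) {
                $row.FileOnDisk = Test-Path -LiteralPath (Resolve-ImagePath $props.ImagePath)
            }
        }
        [pscustomobject]$row
    }
}

# Services that still exist, are not disabled (Start = 4) and still have their
# binary on disk should be stopped and disabled before their keys are removed.
Get-EsetLeftovers | Format-Table -AutoSize
```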