virus.rst
author Oleksandr Gavenko <gavenkoa@gmail.com>
Tue, 15 Dec 2015 23:18:08 +0200
changeset 1826 5c0e92ea4bce
parent 1824 897d88b927bc
child 1828 89380c212670
permissions -rw-r--r--
msconfig.exe

.. -*- coding: utf-8 -*-

=================================
 Computer viruses and rootckits.
=================================

Online virus scaner.
====================

 * http://virusscan.jotti.org/
 * http://www.virustotal.com/
 * http://virscan.org/

Rootkit checker.
================

For Debian::

  $ sudo apt-get install rkhunter chkrootkit

  $ sudo rkhunter -c
  ...

  $ sudo chkrootkit
  ...

..

  http://www.rootkit.nl/projects/rootkit_hunter.html

For Windows:

 * `HijackThis <http://sourceforge.net/projects/hjt/>`_
 * `Sysinternals suite <https://technet.microsoft.com/ru-ru/sysinternals/>`_

Use HijackThis to detect malware registration in system.

Use Sysinternals ``procexp.exe`` to find which process lock file and path to
executable images for removing unwanted software.

Use ``msconfig.exe`` to investigate startup processes registration.

Antivirus software.
===================

Debian.
-------

ClamAV - anti-virus utility for Unix::

  $ sudo apt-get install clamav

Windows.
--------

Free:

 * `Windows Defender
   <http://windows.microsoft.com/en-us/windows/using-defender>`_
 * `Avast <http://www.avast.com/>`_ - free Antivirus is free only for personal
   and non-commercial use.
 * `Dr.Web CureIt! <https://free.drweb.ru/cureit/>`_
 * `Free Kaspersky security scan for your PC
   <http://www.kaspersky.com/free-virus-scan>`_
 * `Kaspersky Virus Removal Tool <www.kaspersky.com/antivirus-removal-tool>`_

Nod32 removal.
~~~~~~~~~~~~~~

Disable nod32 services by 'msconfig' utility.

Remove such keys from registry by 'regedit'::

  HKEY_LOCAL_MACHINE\SOFTWARE\ESET
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NOD32DRV
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eamon  ==>
                ... easdrv easdrv EhttpSrv ekrn epfw Epfwndis epfwtdi