+
−.. -*- coding: utf-8; -*-
+
−
+
−=================================
+
− Computer viruses and rootckits.
+
−=================================
+
−.. contents::
+
−   :local:
+
−
+
−Online virus scaner.
+
−====================
+
−
+
− * http://virusscan.jotti.org/
+
− * http://www.virustotal.com/
+
− * http://virscan.org/
+
−
+
−Rootkit checker.
+
−================
+
−
+
−For Debian::
+
−
+
−  $ sudo apt-get install rkhunter chkrootkit
+
−
+
−  $ sudo rkhunter -c
+
−  ...
+
−
+
−  $ sudo chkrootkit
+
−  ...
+
−
+
−..
+
−
+
−  http://www.rootkit.nl/projects/rootkit_hunter.html
+
−
+
−For Windows just use `Sysinternals suite
+
−<https://technet.microsoft.com/ru-ru/sysinternals/>`_. There are two tools which
+
−help a lot:
+
−
+
− * ``procexp.exe`` to find which process lock file and path to executable images
+
−   for removing unwanted software.
+
− * ``autoruns.exe`` to find program and service registration.
+
−
+
−Also you may use less powerful but built-in ``msconfig.exe`` to investigate
+
−startup processes registration.
+
−
+
−HijackThis.
+
−-----------
+
−
+
−Works nice on 32-bit Windows. But fail to properly handle paths on 64-bit.
+
−
+
−Autoruns from sysinternals supresses HijackThis by quality and number of
+
−detected places.
+
−
+
−  http://sourceforge.net/projects/hjt/
+
−    Home page
+
−  https://en.wikipedia.org/wiki/HijackThis
+
−    Wiki page.
+
−
+
−GMER.
+
−-----
+
−
+
−List processes, services, autostarts, scans for rootkits or 3rd party file
+
−registration.
+
−
+
−Under Windows 10 x64 it cause reboot due to write to rean-only memory.
+
−
+
−  http://www.gmer.net/
+
−    Home page.
+
−  https://en.wikipedia.org/wiki/GMER
+
−    Wiki page.
+
−
+
−Antivirus software.
+
−===================
+
−
+
−Debian.
+
−-------
+
−
+
−ClamAV - anti-virus utility for Unix::
+
−
+
−  $ sudo apt-get install clamav
+
−
+
−Windows.
+
−--------
+
−
+
−Free active antivirus:
+
−
+
− * `Windows Defender
+
−   <http://windows.microsoft.com/en-us/windows/using-defender>`_
+
− * `Avast <http://www.avast.com/>`_ - free Antivirus is free only for personal
+
−   and non-commercial use.
+
−
+
−Free one time scan antivirus:
+
−
+
− * `Dr.Web CureIt! <https://free.drweb.ru/cureit/>`_
+
− * `Free Kaspersky security scan for your PC
+
−   <http://www.kaspersky.com/free-virus-scan>`_
+
− * `Kaspersky Virus Removal Tool <www.kaspersky.com/antivirus-removal-tool>`_
+
− * `ESET SysInspector <http://www.eset.com/int/support/sysinspector/>`_.
+
−
+
−Nod32 removal.
+
−~~~~~~~~~~~~~~
+
−
+
−Disable nod32 services by 'msconfig' utility.
+
−
+
−Remove such keys from registry by 'regedit'::
+
−
+
−  HKEY_LOCAL_MACHINE\SOFTWARE\ESET
+
−  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NOD32DRV
+
−  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eamon  ==>
+
−                ... easdrv easdrv EhttpSrv ekrn epfw Epfwndis epfwtdi
+
−