virus.rst
author Oleksandr Gavenko <gavenkoa@gmail.com>
Mon, 22 Feb 2016 12:46:36 +0200
Include only local subsections in the TOC. This prevents duplication of the TOC when building a single-page HTML document. This also makes the CSS hack that hides the document title as a top-level section unnecessary.

.. -*- coding: utf-8 -*-

=================================
 Computer viruses and rootkits.
=================================

Online virus scanners.
======================

 * http://virusscan.jotti.org/
 * http://www.virustotal.com/
 * http://virscan.org/

Rootkit checkers.
=================

For Debian::

  $ sudo apt-get install rkhunter chkrootkit

  $ sudo rkhunter -c
  ...

  $ sudo chkrootkit
  ...

..

  http://www.rootkit.nl/projects/rootkit_hunter.html

For Windows the `Sysinternals suite
<https://technet.microsoft.com/ru-ru/sysinternals/>`_ covers most needs. Two of
its tools help a lot:

 * ``procexp.exe`` to find which process holds a file open (and where that
   process's executable image lives) when removing unwanted software.
 * ``autoruns.exe`` to enumerate every registered autostart: programs, services,
   drivers, scheduled tasks, shell extensions and so on.

The built-in ``msconfig.exe`` is less capable but can also be used to inspect
startup registrations (Services tab; the Startup tab is only present on older
Windows, since Windows 8 moved that list into Task Manager).
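The script below is an added example (it is not part of the Sysinternals suite
or of these notes) that does a cut-down version of the Autoruns "verify code
signatures" pass: it walks the common autostart locations (Run/RunOnce keys,
Win32 services, kernel drivers, scheduled tasks), resolves each entry to the
executable image on disk and checks its Authenticode signature, so that
unsigned, tampered or missing images stand out. The registry paths and CIM
classes are standard Windows ones; the helper function name and its parsing
heuristics are my own.

```powershell
# Added example: a small Autoruns-style sweep. Run from an elevated 64-bit
# PowerShell on 64-bit Windows; a 32-bit host process would see the WOW64-
# redirected view of System32 and of the registry and miss native entries.

function Get-ImagePath {
    # Extract the executable path from a command line as stored in the
    # registry or in a service definition (quoted, unquoted, with arguments,
    # or using %VAR% / \SystemRoot\ / \??\ notation).
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        $path = if ($end -gt 0) { $cmd.Substring(1, $end - 1) } else { $cmd.Trim('"') }
    }
    elseif (Test-Path -LiteralPath $cmd -PathType Leaf) {
        $path = $cmd                      # unquoted path with spaces, no arguments
    }
    else {
        $m = [regex]::Match($cmd, '^(.+?\.(exe|dll|sys|cmd|bat|com))(\s|$)', 'IgnoreCase')
        $path = if ($m.Success) { $m.Groups[1].Value } else { ($cmd -split '\s+')[0] }
    }
    # Driver ImagePath values are often relative to the system root.
    $path = $path -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if (-not [System.IO.Path]::IsPathRooted($path)) {
        # Bare names (cmd.exe) rely on PATH lookup; anything else is system-root relative.
        $found = Get-Command -Name $path -CommandType Application -ErrorAction SilentlyContinue |
                 Select-Object -First 1
        $path = if ($found) { $found.Source } else { Join-Path $env:SystemRoot $path }
    }
    return $path
}

$entries = [System.Collections.Generic.List[object]]::new()

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($k in $runKeys) {
    $key = Get-Item -Path $k -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $entries.Add([pscustomobject]@{ Source = $k; Name = $name; Command = $key.GetValue($name) })
    }
}
foreach ($s in Get-CimInstance -ClassName Win32_Service) {
    $entries.Add([pscustomobject]@{ Source = 'Service'; Name = $s.Name; Command = $s.PathName })
}
foreach ($d in Get-CimInstance -ClassName Win32_SystemDriver) {
    $entries.Add([pscustomobject]@{ Source = 'Driver'; Name = $d.Name; Command = $d.PathName })
}
foreach ($t in Get-ScheduledTask -ErrorAction SilentlyContinue) {
    foreach ($a in $t.Actions) {
        if ($a.Execute) {   # only MSFT_TaskExecAction carries Execute/Arguments
            $entries.Add([pscustomobject]@{ Source  = 'Task'
                                            Name    = ($t.TaskPath + $t.TaskName)
                                            Command = ('"{0}" {1}' -f $a.Execute, $a.Arguments) })
        }
    }
}

$report = foreach ($e in $entries) {
    $image = Get-ImagePath $e.Command
    if ($image -and (Test-Path -LiteralPath $image -PathType Leaf)) {
        $sig    = Get-AuthenticodeSignature -FilePath $image
        $status = [string]$sig.Status      # Valid, NotSigned, HashMismatch, ...
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    }
    else {
        $status = 'FileMissing'            # stale entry, or a path this parser did not understand
        $signer = ''
    }
    [pscustomobject]@{ Source = $e.Source; Name = $e.Name; Image = $image
                       Status = $status;   Signer = $signer }
}

# Everything that is not a valid signature deserves a look. Unsigned third-party
# software is common and usually benign; HashMismatch (binary modified after
# signing) and FileMissing entries pointing into %TEMP% or a user profile are not.
$report | Where-Object { $_.Status -ne 'Valid' } | Sort-Object Source, Name | Format-Table -AutoSize
```

Two limitations worth knowing: services hosted in ``svchost.exe`` and Run
entries that go through ``rundll32.exe`` are reported as the (signed) host
process, while the DLL they actually load (``Parameters\ServiceDll``, or the
``rundll32`` argument) needs a separate look; Autoruns resolves those for you.
And a valid signature only says who signed the file, not that the file is
wanted, so compare the signer against what you expect to be installed.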

HijackThis.
-----------

Works well on 32-bit Windows, but fails to handle paths correctly on 64-bit
Windows (a 32-bit scanner is subject to WOW64 file-system and registry
redirection, so it sees ``SysWOW64`` and ``WOW6432Node`` instead of the native
locations).

Autoruns from Sysinternals surpasses HijackThis in both the quality and the
number of autostart locations it inspects.

  http://sourceforge.net/projects/hjt/
    Home page
  https://en.wikipedia.org/wiki/HijackThis
    Wiki page.

GMER.
-----

Lists processes, services, autostart entries and third-party file
registrations, and scans for rootkits.

On Windows 10 x64 it crashed the system: a write to read-only memory that
ended in a reboot.

  http://www.gmer.net/
    Home page.
  https://en.wikipedia.org/wiki/GMER
    Wiki page.

Antivirus software.
===================

Debian.
-------

ClamAV, an anti-virus scanner for Unix (``clamscan`` scans on demand,
``freshclam`` updates the signature database)::

  $ sudo apt-get install clamav

Windows.
--------

Free resident (real-time) antivirus:

 * `Windows Defender
   <http://windows.microsoft.com/en-us/windows/using-defender>`_
 * `Avast <http://www.avast.com/>`_ - Avast Free Antivirus is free only for
   personal, non-commercial use.

Free one-time (on-demand) scanners:

 * `Dr.Web CureIt! <https://free.drweb.ru/cureit/>`_
 * `Free Kaspersky security scan for your PC
   <http://www.kaspersky.com/free-virus-scan>`_
 * `Kaspersky Virus Removal Tool <http://www.kaspersky.com/antivirus-removal-tool>`_
 * `ESET SysInspector <http://www.eset.com/int/support/sysinspector/>`_ (a
   system diagnostic snapshot tool rather than a scanner, useful for spotting
   suspicious entries by hand).

NOD32 removal.
~~~~~~~~~~~~~~

Disable the NOD32 services with the ``msconfig`` utility (Services tab) and
reboot, so that the product's self-protection driver is no longer loaded.

Then remove these keys from the registry with ``regedit``::

  HKEY_LOCAL_MACHINE\SOFTWARE\ESET
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NOD32DRV
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<name>
      for each of: eamon easdrv EhttpSrv ekrn epfw Epfwndis epfwtdi ...
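The same two-step clean-up as a script, added here as an example (it is not
ESET's uninstaller and not part of these notes). The service and key names are
the ones listed above; the list in the notes is abbreviated, so extend
``$services`` for the product version actually installed. ``-WhatIf`` lets you
rehearse the registry step before deleting anything.

```powershell
# Added example: disable the NOD32 services/drivers, reboot, then delete the
# leftover keys. Run from an elevated PowerShell.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory)][ValidateSet('Disable', 'Remove')][string]$Step
)

# Names as listed in the notes (abbreviated there with "..."): extend as needed.
$services = 'eamon', 'easdrv', 'EhttpSrv', 'ekrn', 'epfw', 'Epfwndis', 'epfwtdi'

$keys = @(
    'HKLM:\SOFTWARE\ESET',
    'HKLM:\SYSTEM\ControlSet001\Enum\Root\LEGACY_NOD32DRV'
) + ($services | ForEach-Object { "HKLM:\SYSTEM\CurrentControlSet\Services\$_" })

switch ($Step) {
    'Disable' {
        foreach ($name in $services) {
            if (-not (Test-Path -Path "HKLM:\SYSTEM\CurrentControlSet\Services\$name")) {
                Write-Verbose "${name}: not installed, skipping"
                continue
            }
            if ($PSCmdlet.ShouldProcess($name, 'Set start type to disabled')) {
                # sc.exe handles kernel drivers as well as Win32 services
                # (Set-Service/Get-Service do not see drivers). Note the space
                # after 'start=': that is how sc.exe wants its arguments.
                & sc.exe config $name start= disabled | Out-Null
                if ($LASTEXITCODE -ne 0) {
                    Write-Warning "sc config ${name} failed (exit $LASTEXITCODE); self-protection may still be active"
                }
            }
        }
        Write-Host 'Reboot now, then run this script again with -Step Remove.'
    }
    'Remove' {
        foreach ($k in $keys) {
            if (-not (Test-Path -Path $k)) { continue }
            if ($PSCmdlet.ShouldProcess($k, 'Remove registry key')) {
                try   { Remove-Item -Path $k -Recurse -Force -ErrorAction Stop }
                catch { Write-Warning "Could not remove ${k}: $_" }
            }
        }
    }
}
```

Usage: ``.\nod32-cleanup.ps1 -Step Disable``, reboot, then
``.\nod32-cleanup.ps1 -Step Remove -WhatIf`` to review, and finally without
``-WhatIf``. Keys under ``Enum\Root`` (the ``LEGACY_*`` entries) are commonly
protected by an ACL that denies even administrators delete access; the script
reports that failure instead of aborting, and you then take ownership of the
key in ``regedit`` and retry.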