# HG changeset patch
# User Oleksandr Gavenko <gavenkoa@gmail.com>
# Date 1450269534 -7200
# Node ID 89380c21267007aacfc3d189ffdc0ea4d3f6dd92
# Parent  57e7f7232b7053b552d3c2e67ba26f04b2b0ee52
autoruns.exe

diff -r 57e7f7232b70 -r 89380c212670 virus.rst
--- a/virus.rst	Tue Dec 15 23:18:31 2015 +0200
+++ b/virus.rst	Wed Dec 16 14:38:54 2015 +0200
@@ -28,17 +28,42 @@
 
   http://www.rootkit.nl/projects/rootkit_hunter.html
 
-For Windows:
+For Windows just use `Sysinternals suite
+<https://technet.microsoft.com/ru-ru/sysinternals/>`_. There are two tools which
+help a lot:
+
+ * ``procexp.exe`` to find which process lock file and path to executable images
+   for removing unwanted software.
+ * ``autoruns.exe`` to find program and service registration.
 
- * `HijackThis <http://sourceforge.net/projects/hjt/>`_
- * `Sysinternals suite <https://technet.microsoft.com/ru-ru/sysinternals/>`_
+Also you may use less powerful but built-in ``msconfig.exe`` to investigate
+startup processes registration.
+
+HijackThis.
+-----------
+
+Works nice on 32-bit Windows. But fail to properly handle paths on 64-bit.
 
-Use HijackThis to detect malware registration in system.
+Autoruns from sysinternals supresses HijackThis by quality and number of
+detected places.
+
+  http://sourceforge.net/projects/hjt/
+    Home page
+  https://en.wikipedia.org/wiki/HijackThis
+    Wiki page.
 
-Use Sysinternals ``procexp.exe`` to find which process lock file and path to
-executable images for removing unwanted software.
+GMER.
+-----
+
+List processes, services, autostarts, scans for rootkits or 3rd party file
+registration.
 
-Use ``msconfig.exe`` to investigate startup processes registration.
+Under Windows 10 x64 it cause reboot due to write to rean-only memory.
+
+  http://www.gmer.net/
+    Home page.
+  https://en.wikipedia.org/wiki/GMER
+    Wiki page.
 
 Antivirus software.
 ===================
@@ -53,16 +78,20 @@
 Windows.
 --------
 
-Free:
+Free active antivirus:
 
  * `Windows Defender
    <http://windows.microsoft.com/en-us/windows/using-defender>`_
  * `Avast <http://www.avast.com/>`_ - free Antivirus is free only for personal
    and non-commercial use.
+
+Free one time scan antivirus:
+
  * `Dr.Web CureIt! <https://free.drweb.ru/cureit/>`_
  * `Free Kaspersky security scan for your PC
    <http://www.kaspersky.com/free-virus-scan>`_
  * `Kaspersky Virus Removal Tool <www.kaspersky.com/antivirus-removal-tool>`_
+ * `ESET SysInspector <http://www.eset.com/int/support/sysinspector/>`_.
 
 Nod32 removal.
 ~~~~~~~~~~~~~~