# HG changeset patch # User Oleksandr Gavenko # Date 1450214168 -7200 # Node ID cb5aad83d18514659cbce0eb767d9a356cb86108 # Parent 762cf6b3fb494c7e91b086c8ebeccb5c4b657c51# Parent 897d88b927bcb0e280786b43275ebcf23a519a64 merged diff -r 762cf6b3fb49 -r cb5aad83d185 virus.rst --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/virus.rst Tue Dec 15 23:16:08 2015 +0200 @@ -0,0 +1,76 @@ +.. -*- coding: utf-8 -*- + +================================= + Computer viruses and rootckits. +================================= + +Online virus scaner. +==================== + + * http://virusscan.jotti.org/ + * http://www.virustotal.com/ + * http://virscan.org/ + +Rootkit checker. +================ + +For Debian:: + + $ sudo apt-get install rkhunter chkrootkit + + $ sudo rkhunter -c + ... + + $ sudo chkrootkit + ... + +.. + + http://www.rootkit.nl/projects/rootkit_hunter.html + +For Windows: + + * `HijackThis `_ + * `Sysinternals suite `_ + +Use HijackThis to detect malware registration in system. + +Use Sysinternals procexp.exe to find which process lock file and path to +executable images for removing unwanted software. + +Antivirus software. +=================== + +Debian. +------- + +ClamAV - anti-virus utility for Unix:: + + $ sudo apt-get install clamav + +Windows. +-------- + +Free: + + * `Windows Defender + `_ + * `Avast `_ - free Antivirus is free only for personal + and non-commercial use. + * `Dr.Web CureIt! `_ + * `Free Kaspersky security scan for your PC + `_ + * `Kaspersky Virus Removal Tool `_ + +Nod32 removal. +~~~~~~~~~~~~~~ + +Disable nod32 services by 'msconfig' utility. + +Remove such keys from registry by 'regedit':: + + HKEY_LOCAL_MACHINE\SOFTWARE\ESET + HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NOD32DRV + HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eamon ==> + ... easdrv easdrv EhttpSrv ekrn epfw Epfwndis epfwtdi +
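Review bot: The registry list in the "Nod32 removal" section at the end of the hunk is ambiguous and risky to follow as written. The line `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eamon ==>` and its continuation `... easdrv easdrv EhttpSrv ekrn epfw Epfwndis epfwtdi` do not say whether these names are sibling keys under `Services`, `easdrv` is listed twice, and the leading `...` leaves the full set undefined. Suggest writing each service key on its own line with its full path, and adding a step to export the keys before deleting them. The `LEGACY_NOD32DRV` entry hard-codes `ControlSet001` while the services entry uses `CurrentControlSet`; pick one, or note why they differ, since `ControlSet001` is not guaranteed to be the active control set. Smaller points in the same hunk: the title reads "rootckits" and the first heading reads "scaner", and the link entries under "For Windows" and "Free" show no target URL between the link text and the closing `_` in the lines as shown here.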