autoruns.exe
author Oleksandr Gavenko <gavenkoa@gmail.com>
Wed, 16 Dec 2015 14:38:54 +0200
changeset 1828 89380c212670
parent 1827 57e7f7232b70
child 1829 f001ff60c027
virus.rst
--- a/virus.rst	Tue Dec 15 23:18:31 2015 +0200
+++ b/virus.rst	Wed Dec 16 14:38:54 2015 +0200
@@ -28,17 +28,42 @@
 
   http://www.rootkit.nl/projects/rootkit_hunter.html
 
-For Windows:
+For Windows just use `Sysinternals suite
+<https://technet.microsoft.com/ru-ru/sysinternals/>`_. There are two tools which
+help a lot:
+
+ * ``procexp.exe`` to find which process lock file and path to executable images
+   for removing unwanted software.
+ * ``autoruns.exe`` to find program and service registration.
 
- * `HijackThis <http://sourceforge.net/projects/hjt/>`_
- * `Sysinternals suite <https://technet.microsoft.com/ru-ru/sysinternals/>`_
+Also you may use less powerful but built-in ``msconfig.exe`` to investigate
+startup processes registration.
+
+HijackThis.
+-----------
+
+Works nice on 32-bit Windows. But fail to properly handle paths on 64-bit.
 
-Use HijackThis to detect malware registration in system.
+Autoruns from sysinternals supresses HijackThis by quality and number of
+detected places.
+
+  http://sourceforge.net/projects/hjt/
+    Home page
+  https://en.wikipedia.org/wiki/HijackThis
+    Wiki page.
 
-Use Sysinternals ``procexp.exe`` to find which process lock file and path to
-executable images for removing unwanted software.
+GMER.
+-----
+
+List processes, services, autostarts, scans for rootkits or 3rd party file
+registration.
 
-Use ``msconfig.exe`` to investigate startup processes registration.
+Under Windows 10 x64 it cause reboot due to write to rean-only memory.
+
+  http://www.gmer.net/
+    Home page.
+  https://en.wikipedia.org/wiki/GMER
+    Wiki page.
 
 Antivirus software.
 ===================
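Review bot: In the new HijackThis section, "Autoruns from sysinternals supresses HijackThis by quality and number of detected places" reads as "suppresses", which says something different from the comparison the sentence is making; "surpasses" fits. In the GMER section, "rean-only memory" should be "read-only memory", and because that line documents a forced reboot on Windows 10 x64 it deserves to stand out, for example as a ``.. warning::`` block placed before the description rather than after it. The hunk also removes "Use HijackThis to detect malware registration in system." without a replacement, so the new HijackThis section says where the tool works but no longer what it is for; consider keeping one sentence of purpose there. Smaller wording fixes in the added lines: "which process lock file" (locks a file), "But fail to properly handle" (fails), "it cause reboot" (causes a reboot). The Sysinternals link still points at the ru-ru locale page although the document is in English.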
@@ -53,16 +78,20 @@
 Windows.
 --------
 
-Free:
+Free active antivirus:
 
  * `Windows Defender
    <http://windows.microsoft.com/en-us/windows/using-defender>`_
  * `Avast <http://www.avast.com/>`_ - free Antivirus is free only for personal
    and non-commercial use.
+
+Free one time scan antivirus:
+
  * `Dr.Web CureIt! <https://free.drweb.ru/cureit/>`_
  * `Free Kaspersky security scan for your PC
    <http://www.kaspersky.com/free-virus-scan>`_
  * `Kaspersky Virus Removal Tool <www.kaspersky.com/antivirus-removal-tool>`_
+ * `ESET SysInspector <http://www.eset.com/int/support/sysinspector/>`_.
 
 Nod32 removal.
 ~~~~~~~~~~~~~~
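Review bot: Under the new "Free one time scan antivirus:" heading, the existing entry `Kaspersky Virus Removal Tool <www.kaspersky.com/antivirus-removal-tool>`_ has a target with no scheme, so docutils will emit it as a relative link that resolves against the page's own URL instead of kaspersky.com; since this hunk regroups that list, add the scheme while touching it. The added ESET SysInspector line ends with a period after the closing `_`, which none of the other list items do, so drop it for consistency. The heading would read better as "one-time scan", and it is worth confirming that ESET SysInspector belongs under an antivirus heading rather than next to the inspection tools (autoruns, GMER) listed earlier in the file.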