merged
author Oleksandr Gavenko <gavenkoa@gmail.com>
Tue, 15 Dec 2015 23:16:08 +0200
changeset 1825 cb5aad83d185
parent 1822 762cf6b3fb49 (current diff)
parent 1824 897d88b927bc (diff)
child 1826 5c0e92ea4bce
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/virus.rst	Tue Dec 15 23:16:08 2015 +0200
@@ -0,0 +1,76 @@
+.. -*- coding: utf-8 -*-
+
+=================================
+ Computer viruses and rootckits.
+=================================
+
+Online virus scaner.
+====================
+
+ * http://virusscan.jotti.org/
+ * http://www.virustotal.com/
+ * http://virscan.org/
+
+Rootkit checker.
+================
+
+For Debian::
+
+  $ sudo apt-get install rkhunter chkrootkit
+
+  $ sudo rkhunter -c
+  ...
+
+  $ sudo chkrootkit
+  ...
+
+..
+
+  http://www.rootkit.nl/projects/rootkit_hunter.html
+
+For Windows:
+
+ * `HijackThis <http://sourceforge.net/projects/hjt/>`_
+ * `Sysinternals suite <https://technet.microsoft.com/ru-ru/sysinternals/>`_
+
+Use HijackThis to detect malware registration in system.
+
+Use Sysinternals procexp.exe to find which process lock file and path to
+executable images for removing unwanted software.
+
+Antivirus software.
+===================
+
+Debian.
+-------
+
+ClamAV - anti-virus utility for Unix::
+
+  $ sudo apt-get install clamav
+
+Windows.
+--------
+
+Free:
+
+ * `Windows Defender
+   <http://windows.microsoft.com/en-us/windows/using-defender>`_
+ * `Avast <http://www.avast.com/>`_ - free Antivirus is free only for personal
+   and non-commercial use.
+ * `Dr.Web CureIt! <https://free.drweb.ru/cureit/>`_
+ * `Free Kaspersky security scan for your PC
+   <http://www.kaspersky.com/free-virus-scan>`_
+ * `Kaspersky Virus Removal Tool <www.kaspersky.com/antivirus-removal-tool>`_
+
+Nod32 removal.
+~~~~~~~~~~~~~~
+
+Disable nod32 services by 'msconfig' utility.
+
+Remove such keys from registry by 'regedit'::
+
+  HKEY_LOCAL_MACHINE\SOFTWARE\ESET
+  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NOD32DRV
+  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eamon  ==>
+                ... easdrv easdrv EhttpSrv ekrn epfw Epfwndis epfwtdi
+
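Review bot: the `Kaspersky Virus Removal Tool` entry at the end of the Windows "Free:" list has the target `<www.kaspersky.com/antivirus-removal-tool>` with no URL scheme, so it will be treated as a relative link when the page is rendered; add `http://` as on the other entries. In the "Nod32 removal" literal block, the `==>` line followed by `... easdrv easdrv EhttpSrv ekrn ...` is not a registry path a reader can follow, and `easdrv` appears twice; list each `...\Services\<name>` key on its own line. Spelling: `rootckits` in the document title and `scaner` in the first section heading; once `scaner` is corrected the `====` underline beneath it needs one more character to stay at least as long as the heading text.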