Written by Oleksandr Gavenko (AKA gavenkoa), compiled on 2017-01-30 from rev ccaa2f364422+.

Computer viruses and rootkits.

Online virus scanner.

Rootkit checker.

For Debian:

$ sudo apt-get install rkhunter chkrootkit

$ sudo rkhunter -c
...

$ sudo chkrootkit
...
http://www.rootkit.nl/projects/rootkit_hunter.html

For Windows, just use the Sysinternals suite. Two of its tools help a lot:

  • procexp.exe to find which process locks a file and the path to executable images, for removing unwanted software.
  • autoruns.exe to find program and service registrations.

You may also use the less powerful but built-in msconfig.exe to investigate the registration of startup processes.

HijackThis.

Works nicely on 32-bit Windows, but fails to properly handle paths on 64-bit.

Autoruns from Sysinternals surpasses HijackThis in quality and in the number of detected places.

http://sourceforge.net/projects/hjt/
Home page.
https://en.wikipedia.org/wiki/HijackThis
Wiki page.

GMER.

Lists processes, services and autostarts; scans for rootkits or 3rd-party file registration.

Under Windows 10 x64 it causes a reboot due to a write to read-only memory.

http://www.gmer.net/
Home page.
https://en.wikipedia.org/wiki/GMER
Wiki page.

Antivirus software.

Debian.

ClamAV - anti-virus utility for Unix:

$ sudo apt-get install clamav

Windows.

Free active antivirus:

Free one-time scan antivirus:

Nod32 removal.

Disable the Nod32 services with the 'msconfig' utility.

Remove the following keys from the registry with 'regedit':

HKEY_LOCAL_MACHINE\SOFTWARE\ESET
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NOD32DRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eamon  ==>
              ... easdrv easdrv EhttpSrv ekrn epfw Epfwndis epfwtdi