$ sudo apt-get install rkhunter chkrootkit
$ sudo rkhunter -c
...
$ sudo chkrootkit
...
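A triage helper for the chkrootkit run above, added here as an example (it is not part of the original notes). It tallies the status strings documented in the chkrootkit README and exits non-zero if any check reports INFECTED. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise chkrootkit output read from stdin.
# Status strings counted: "not infected", "nothing found", "not found",
# "not tested", "Vulnerable but disabled", "INFECTED".
# Lines that carry none of these strings are ignored.
summarise_chkrootkit() {
    awk '
        /INFECTED/                   { infected++;   hits = hits $0 "\n"; next }
        /Vulnerable but disabled/    { vulnerable++; hits = hits $0 "\n"; next }
        /not infected|nothing found/ { clean++;    next }
        /not found/                  { absent++;   next }
        /not tested/                 { untested++; next }
        END {
            # First line: tally. Following lines: every flagged check verbatim.
            printf "clean=%d absent=%d untested=%d vulnerable=%d infected=%d\n",
                   clean, absent, untested, vulnerable, infected
            printf "%s", hits
            exit (infected > 0 ? 1 : 0)
        }'
}

# Constructed sample in chkrootkit's output style (not from a real host).
# The heredoc delimiter is quoted so the backticks are not executed.
sample_output() {
    cat <<'EOF'
Checking `amd'... not found
Checking `basename'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not tested
Checking `bindshell'... INFECTED (PORTS:  465)
Searching for sniffer's logs, it may take a while... nothing found
EOF
}

# Demo on the constructed sample; real use: sudo chkrootkit | summarise_chkrootkit
sample_output | summarise_chkrootkit || echo "flagged checks above need manual review"
```
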
For Windows, just use the Sysinternals suite. Two of its tools help a lot:
- procexp.exe to find which process locks a file, and the path to executable images, for removing unwanted software.
- autoruns.exe to find program and service registrations.
You may also use the less powerful but built-in msconfig.exe to investigate startup process registration.
Works nicely on 32-bit Windows, but fails to handle paths properly on 64-bit.
Autoruns from Sysinternals surpasses HijackThis in quality and in the number of places it detects.
ClamAV - anti-virus utility for Unix:
$ sudo apt-get install clamav
Free active antivirus:
Free one-time scan antivirus:
Disable the NOD32 services with the 'msconfig' utility.
Remove the following keys from the registry with 'regedit':
HKEY_LOCAL_MACHINE\SOFTWARE\ESET
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NOD32DRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eamon
==> ... easdrv easdrv EhttpSrv ekrn epfw Epfwndis epfwtdi