Detecting a Trojan that your antivirus has not caught and that has bypassed your firewall is sometimes not a trivial task. But it is not impossible: any action leaves traces in the system, and that is the principle behind Trojan detection. I warn you right away that there will be no easy or quick solutions in this article. Sorry, there will also be few links to programs: there are a lot of names, and you will have to search for them yourself. Not all of them will be useful to you. I'll show you how to find a Trojan, but detecting a Trojan does not mean removing it.

How to detect a Trojan? Let's check open ports.

If a Trojan is present, it most likely needs to send some information to the attacker. For that it needs a channel, and the entry point to that channel is a port that the system opens. This port will (most likely) be one that the system itself does not use, that is, one of the reserved ones. So the task at this stage is simple: carefully study the open ports, watch which processes use them, and check which addresses the information is sent to.

On Windows, the netstat command with the -an flag will quickly help with this (if you access the Internet through a router, the search principle will be slightly incomplete, but read to the end). Type it right now in the command console:

The foreign address is shown in the form IP address:port.

More detailed information, however, comes from third-party programs. Personally, I use the utilities TCPView, CurrPorts and IceSword. This information is not always objective, since the process may be hidden for the time being, and it is not a given that the port will be open right now, but it is still worth checking.
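As an added example (not code from the article), the following PowerShell script does the same job as netstat -an (netstat -ano adds the owning PID) but in one pass: it joins each TCP connection to its owning process, shows the executable path and its Authenticode signature status, and flags established connections to public addresses from binaries that are not validly signed. It assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection and an elevated prompt so that the paths of processes owned by other users are readable.

```powershell
# Added example, not from the article: map TCP connections to their owning
# process, executable path and signature status, and flag outbound
# connections to public addresses from binaries that are not validly signed.

function Test-PrivateAddress {
    param([string]$Ip)
    # RFC 1918 ranges, loopback, link-local, unspecified and IPv6 loopback/link-local
    return [bool]($Ip -match '^(10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.|127\.|169\.254\.|0\.0\.0\.0$|::1$|::$|fe80:)')
}

function Get-ConnectionReport {
    # Index running processes by PID once instead of calling Get-Process per connection
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

    Get-NetTCPConnection -State Established, Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p    = $procs[[int]$_.OwningProcess]
            $path = if ($p -and $p.Path) { $p.Path } else { $null }
            $sig  = if ($path -and (Test-Path -LiteralPath $path)) {
                        (Get-AuthenticodeSignature -FilePath $path).Status
                    } else { 'NoPath' }
            [pscustomobject]@{
                State      = $_.State
                Local      = "$($_.LocalAddress):$($_.LocalPort)"
                Remote     = "$($_.RemoteAddress):$($_.RemotePort)"
                PID        = $_.OwningProcess
                Process    = if ($p) { $p.ProcessName } else { '<exited>' }
                Path       = $path
                Signature  = $sig
                # Worth a manual look: an established connection to a public address
                # from a binary that is unsigned, tampered with, or has no readable path
                Suspicious = ($_.State -eq 'Established' -and
                              -not (Test-PrivateAddress $_.RemoteAddress) -and
                              $sig -ne 'Valid')
            }
        }
}

Get-ConnectionReport | Sort-Object Suspicious -Descending |
    Format-Table State, Local, Remote, PID, Process, Signature, Suspicious -AutoSize
```

A "Suspicious" row is a triage hint, not a verdict: legitimate unsigned software talks to the Internet too, and a process that has already exited shows no path. UDP endpoints (Get-NetUDPEndpoint) are left out here for brevity, but the same join applies to them.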

How to detect a Trojan? Check running processes.

  • Autoruns
  • KillProcess
  • HijackThis
  • PrcView
  • Winsonar
  • HiddenFinder
  • Security Task Manager
  • Yet Another Process Monitor

In general, check often and in more than one way.

How to detect a Trojan? Check the registry.

What is the first thing a Trojan will do? It needs to run, and Windows has several locations and settings for that, all of which are reflected in the registry. Windows automatically executes the instructions stored under these registry keys:

  • Run
  • RunServices
  • RunOnce
  • RunServicesOnce
  • HKEY_CLASSES_ROOT\exefile\shell\open\command

Thus, by scanning these registry keys and sections for suspicious entries, you can identify a Trojan infection: a Trojan can insert its own instructions into these sections in order to establish itself. To detect a Trojan in the registry there are also many utilities, for example:

  • SysAnalyzer
  • All-Seeing Eyes
  • Tiny Watcher
  • Registry Shower
  • Active Registry Monitor
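The registry check described above, as an added PowerShell example that is not code from the article: it lists the Run and RunOnce entries for the machine and the current user (including the WOW6432Node view on 64-bit Windows), reports the signature status of each referenced executable, and verifies that the default "open" command for .exe files has not been changed. RunServices and RunServicesOnce belong to the Windows 9x line and do not exist on NT-based Windows, so the script does not look for them.

```powershell
# Added example, not from the article: enumerate Run/RunOnce autostart entries
# and check the exefile handler against its default value.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-RunKeyEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name)
            # Take the executable from the command line: quoted path or first token
            $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $sig = if ($exe -and (Test-Path -LiteralPath $exe)) {
                       (Get-AuthenticodeSignature -FilePath $exe).Status
                   } else { 'FileMissing' }
            [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd; Signature = $sig }
        }
    }
}

function Test-ExeFileHandler {
    # On an unmodified system the (default) value of this key is exactly: "%1" %*
    # Anything else means every .exe launch is routed through another program first.
    $expected = '"%1" %*'
    $actual   = (Get-ItemProperty 'Registry::HKEY_CLASSES_ROOT\exefile\shell\open\command').'(default)'
    [pscustomobject]@{
        Expected = $expected
        Actual   = $actual
        Hijacked = ($actual -ne $expected)
    }
}

Get-RunKeyEntries | Format-Table Name, Signature, Command -AutoSize
Test-ExeFileHandler
```

Entries whose file is missing are as interesting as unsigned ones: an orphaned Run value often marks where something was, or where a dropper expects to put something later.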

How to detect a Trojan? It may be in device drivers.

Trojans are often downloaded disguised as drivers for some device and then use that same device as cover. The cause is the dubious "driver download" sites on the Internet. Doesn't that remind you of anything? The system also frequently warns that a driver is not digitally signed. And for good reason.

So do not rush to install what you downloaded from the Internet, and do not believe your eyes: trust only official sources. For monitoring drivers, the following utilities are available:

  • DriverView
  • Driver Detective
  • Unknown Device Identifier
  • DriverScanner
  • Double Driver

How to detect a Trojan? Services and services.

Some Trojans can run as Windows system services, allowing an attacker to take control of the machine. To do this, the Trojan gives itself the name of a service process in order to avoid detection by the antivirus. Rootkit techniques are used to manipulate the registry section below, where, unfortunately, there is room to hide:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services

This means that we will have to stock up on utilities for monitoring running services, such as:

  • Smart Utility
  • Process Hacker
  • Netwrix Service Monitor
  • Service Manager Plus
  • Anvir Task Manager, etc.
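The driver check from the previous section and the service check from this one can be done in one pass. The following PowerShell script is an added example, not code from the article: it enumerates services and kernel drivers through CIM, resolves each binary's path, and flags entries whose binary is not validly signed or does not live under the Windows directory. It assumes an elevated prompt; on Windows 8 and later Get-AuthenticodeSignature also accepts catalog-signed files, so a Microsoft driver that reports NotSigned on an older system is not by itself evidence of anything.

```powershell
# Added example, not from the article: report services and drivers whose
# binary is unsigned, missing, or located outside the Windows directory.

function Get-BinaryPath {
    param([string]$PathName)
    if (-not $PathName) { return $null }
    # PathName may be quoted, carry arguments, use \??\ or \SystemRoot\ prefixes,
    # or be a bare system32-relative path such as System32\drivers\foo.sys
    $p = if ($PathName -match '^"([^"]+)"') { $Matches[1] }
         elseif ($PathName -match '^(\S+?\.(exe|sys|dll))(\s|$)') { $Matches[1] }
         else { ($PathName -split ' ')[0] }   # unquoted path with spaces: best effort
    $p = [Environment]::ExpandEnvironmentVariables($p) -replace '^\\\?\?\\', ''
    if ($p -match '^\\SystemRoot\\') { $p = $p -replace '^\\SystemRoot', $env:SystemRoot }
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-ServiceAndDriverReport {
    $entries = @()
    $entries += Get-CimInstance Win32_Service | ForEach-Object {
        [pscustomobject]@{ Kind = 'Service'; Name = $_.Name; Start = $_.StartMode; State = $_.State; PathName = $_.PathName }
    }
    $entries += Get-CimInstance Win32_SystemDriver | ForEach-Object {
        [pscustomobject]@{ Kind = 'Driver'; Name = $_.Name; Start = $_.StartMode; State = $_.State; PathName = $_.PathName }
    }

    foreach ($e in $entries) {
        $bin = Get-BinaryPath $e.PathName
        $sig = if ($bin -and (Test-Path -LiteralPath $bin)) {
                   (Get-AuthenticodeSignature -FilePath $bin).Status
               } else { 'FileMissing' }
        $inWindows = $bin -and $bin.StartsWith($env:SystemRoot, [StringComparison]::OrdinalIgnoreCase)
        [pscustomobject]@{
            Kind       = $e.Kind
            Name       = $e.Name
            Start      = $e.Start
            State      = $e.State
            Binary     = $bin
            Signature  = $sig
            # Triage flag: unsigned/tampered/missing binary, or one outside %SystemRoot%
            Suspicious = ($sig -ne 'Valid' -or -not $inWindows)
        }
    }
}

Get-ServiceAndDriverReport | Where-Object Suspicious | Sort-Object Kind, Name | Format-Table -AutoSize
```

Third-party services legitimately live under Program Files, so the location flag produces noise; the combination of an unfamiliar name, a binary in a user-writable directory and no valid signature is what deserves attention.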

How to detect a Trojan? Is it not in startup?

What do we mean by autostart? No, my dears, it is not just the list of entries in the folder of the same name; that would be too simple. First of all, it is the following parts of Windows:

  • the full list of Windows services, shown by the console of the same name: Run (WIN+R) – services.msc. I advise you to open it, sort by Startup type and carefully study all services that start Automatically.
  • the folder of automatically loaded drivers: the well-known C:\Windows\System32\Drivers (there were times I checked each of the drivers manually)
  • Anything can happen, so take a look at the file (for Windows XP this is ) for any extraneous inclusions. The easiest way to do this is to call the System Configuration utility: WIN + R –
  • and while you are here, go to the startup programs tab. In the Startup tab we usually look for programs that slow down system startup, but you may also find a Trojan there

msconfig in Windows XP (almost unchanged for other versions)

and here is the Configuration window for Windows 7

  • and now check the folder (make sure the system is set to show hidden and system files and folders):

This is not a complete list of locations. If you want to know about the programs that run with Windows, you can look at their list in the article ““. Among the utilities that can be used to monitor autostart locations are:

  • Starter
  • Security Autorun
  • Startup Tracker
  • Program Starter
  • Autoruns
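For the Startup folders mentioned above, here is an added PowerShell example (not code from the article) that lists everything in the per-user and all-users Startup folders, including hidden files, resolves shortcut (.lnk) targets through the WScript.Shell COM object, and reports the signature status of the file that would actually run.

```powershell
# Added example, not from the article: inspect the Startup folders and the
# real targets of any shortcuts placed there.

function Get-StartupFolderEntries {
    $folders = @(
        [Environment]::GetFolderPath('Startup'),        # current user
        [Environment]::GetFolderPath('CommonStartup')   # all users
    )
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $folders) {
        if (-not (Test-Path -LiteralPath $folder)) { continue }
        # -Force includes hidden and system files, which the article also asks you to show
        foreach ($file in Get-ChildItem -LiteralPath $folder -Force -File) {
            $target    = $file.FullName
            $arguments = ''
            if ($file.Extension -ieq '.lnk') {
                $lnk       = $shell.CreateShortcut($file.FullName)
                $target    = $lnk.TargetPath
                $arguments = $lnk.Arguments
            }
            $sig = if ($target -and (Test-Path -LiteralPath $target)) {
                       (Get-AuthenticodeSignature -FilePath $target).Status
                   } else { 'FileMissing' }
            [pscustomobject]@{
                Folder    = $folder
                Entry     = $file.Name
                Target    = $target
                Arguments = $arguments
                Hidden    = [bool]($file.Attributes -band [IO.FileAttributes]::Hidden)
                Signature = $sig
            }
        }
    }
}

Get-StartupFolderEntries | Format-Table Entry, Target, Arguments, Hidden, Signature -AutoSize
```

Look at the Arguments column as closely as the Target: a shortcut to a perfectly signed interpreter such as a script host becomes interesting when its arguments point at a script in a temporary or profile directory.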

How to detect a Trojan? Check suspicious folders.

It is common for a Trojan to modify system folders and files. You can check for this in several ways:

  • FCIV – command-line utility for calculating MD5 or SHA-1 file hashes
  • SIGVERIF – checks the integrity of critical files digitally signed by Microsoft
  • TRIPWIRE – scans for and reports changes to critical Windows files
  • MD5 Checksum Verifier
  • SysInspect
  • Sentinel
  • Verisys
  • WinMD5
  • FastSum
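The hash-and-compare approach behind FCIV and Tripwire, as an added PowerShell example that is not code from the article. The first function records the SHA-256 hash of every file under a directory into a baseline CSV; the second compares the live tree against that baseline and reports added, removed and modified files, together with the signature status of anything that changed. The baseline and directory paths in the usage lines are assumptions.

```powershell
# Added example, not from the article: a minimal Tripwire-style integrity check.

function New-HashBaseline {
    param([string]$Root, [string]$BaselinePath)
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            if ($h) { [pscustomobject]@{ Path = $_.FullName; Hash = $h.Hash } }
        } | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation
}

function Get-SignatureStatus {
    param([string]$Path)
    if ($Path -and (Test-Path -LiteralPath $Path)) {
        return (Get-AuthenticodeSignature -FilePath $Path).Status
    }
    return 'FileMissing'
}

function Compare-HashBaseline {
    param([string]$Root, [string]$BaselinePath)
    $old = @{}
    Import-Csv -LiteralPath $BaselinePath | ForEach-Object { $old[$_.Path] = $_.Hash }
    $seen = @{}

    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $h = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            if (-not $h) { return }
            $seen[$_.FullName] = $true
            if (-not $old.ContainsKey($_.FullName)) {
                [pscustomobject]@{ Change = 'Added';    Path = $_.FullName; Signature = (Get-SignatureStatus $_.FullName) }
            } elseif ($old[$_.FullName] -ne $h.Hash) {
                [pscustomobject]@{ Change = 'Modified'; Path = $_.FullName; Signature = (Get-SignatureStatus $_.FullName) }
            }
        }

    # Anything in the baseline that no longer exists on disk
    foreach ($p in $old.Keys) {
        if (-not $seen.ContainsKey($p)) {
            [pscustomobject]@{ Change = 'Removed'; Path = $p; Signature = 'FileMissing' }
        }
    }
}

# Usage (assumed paths): build the baseline on a known-good system, then compare later.
New-HashBaseline     -Root "$env:SystemRoot\System32" -BaselinePath "$env:USERPROFILE\system32-baseline.csv"
Compare-HashBaseline -Root "$env:SystemRoot\System32" -BaselinePath "$env:USERPROFILE\system32-baseline.csv" |
    Format-Table -AutoSize
```

Windows Update legitimately modifies System32 files, so a Modified entry that still carries a valid Microsoft signature is usually an update; a Modified or Added entry that is unsigned is the case to investigate. Keep the baseline file somewhere the machine being checked cannot rewrite it, for example on removable media, or the comparison proves nothing.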

How to detect a Trojan? Check application network activity

There is no point in a Trojan that generates no network activity. To check what kind of information is leaking from a system, use network scanners and packet sniffers to monitor traffic that sends data to suspicious addresses. A good tool here is Capsa Network Analyzer: an intuitive engine that presents detailed information for checking whether a Trojan is running on your computer.
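Without a dedicated sniffer, Windows Firewall's own log can serve as a first pass. The following PowerShell script is an added example, not code from the article: it turns on logging of allowed connections, then parses the log using its #Fields header rather than fixed column positions and summarises outbound connections to public addresses by destination, so that a host that keeps talking to the same unfamiliar address at regular intervals stands out. The log lines embedded in the script are constructed for this example; the destination addresses are documentation ranges.

```powershell
# Added example, not from the article: summarise outbound connections from
# the Windows Firewall log by destination.

function Enable-FirewallLogging {
    # LogAllowed makes permitted connections appear in the log as well as dropped ones
    Set-NetFirewallProfile -Profile Domain, Private, Public `
        -LogAllowed True -LogBlocked True -LogMaxSizeKilobytes 32767 `
        -LogFileName '%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log'
}

function Test-PrivateAddress {
    param([string]$Ip)
    return [bool]($Ip -match '^(10\.|172\.(1[6-9]|2\d|3[01])\.|192\.168\.|127\.|169\.254\.)')
}

function Get-OutboundSummary {
    param([string[]]$Lines)
    $fields = $null
    $rows = foreach ($line in $Lines) {
        # The header names the columns; use it instead of assuming positions
        if ($line -like '#Fields:*') { $fields = ($line -replace '^#Fields:\s*') -split '\s+'; continue }
        if ($line -like '#*' -or -not $line.Trim() -or -not $fields) { continue }
        $vals = $line -split '\s+'
        $row  = @{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $vals.Count; $i++) { $row[$fields[$i]] = $vals[$i] }
        [pscustomobject]$row
    }
    $rows |
        Where-Object { $_.path -eq 'SEND' -and $_.action -eq 'ALLOW' -and -not (Test-PrivateAddress $_.'dst-ip') } |
        Group-Object protocol, 'dst-ip', 'dst-port' |
        ForEach-Object {
            $ordered = $_.Group | Sort-Object date, time
            [pscustomobject]@{
                Protocol    = $ordered[0].protocol
                Destination = "$($ordered[0].'dst-ip'):$($ordered[0].'dst-port')"
                Connections = $_.Count
                FirstSeen   = "$($ordered[0].date) $($ordered[0].time)"
                LastSeen    = "$($ordered[-1].date) $($ordered[-1].time)"
            }
        } | Sort-Object Connections -Descending
}

# Constructed sample log (same layout as pfirewall.log) for an offline run
$sampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-01-10 09:00:01 ALLOW UDP 192.168.1.20 192.168.1.1 49800 53 0 - - - - - - - SEND
2024-01-10 09:00:05 ALLOW TCP 192.168.1.20 203.0.113.10 49801 8080 0 - 0 0 0 - - - SEND
2024-01-10 09:01:05 ALLOW TCP 192.168.1.20 203.0.113.10 49802 8080 0 - 0 0 0 - - - SEND
2024-01-10 09:02:05 ALLOW TCP 192.168.1.20 203.0.113.10 49803 8080 0 - 0 0 0 - - - SEND
2024-01-10 09:02:30 ALLOW TCP 192.168.1.20 198.51.100.7 49804 443 0 - 0 0 0 - - - SEND
2024-01-10 09:02:31 ALLOW TCP 198.51.100.7 192.168.1.20 443 49804 0 - 0 0 0 - - - RECEIVE
2024-01-10 09:03:05 DROP TCP 192.168.1.20 203.0.113.10 49805 8443 0 - 0 0 0 - - - SEND
'@ -split "`r?`n"

Get-OutboundSummary -Lines $sampleLog | Format-Table -AutoSize

# On a real machine, after Enable-FirewallLogging has run for a while (reading the log needs admin rights):
# Get-OutboundSummary -Lines (Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log") | Format-Table -AutoSize
```

In the sample, 203.0.113.10:8080 is contacted once a minute and would top the list; the private DNS query, the inbound RECEIVE line and the dropped connection are filtered out. The firewall log does not record the process, so pair a destination of interest with the connection-to-process mapping from the open-ports step to find out who is talking.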

Good luck to all of us.

Do you want to get rid of malware (viruses, worms, Trojans, etc.), even if you have not previously installed it? Below are simple and time-tested instructions that will help anyone do it on their own and, most importantly, completely free of charge!

So, what do you need to cure your computer of viruses, worms and Trojans?

  1. Internet access. Well, since you are reading this, you have it. :)
  2. A "clean" computer, if you cannot reach the sites below from your own computer.
    If there is access, we do everything directly on the "infected" computer.
  3. A little diligence and patience.
    The treatment procedure requires strict adherence to the instructions and will take some time.

Now, the instructions themselves for cleaning a computer of viruses:

1) Check your computer for malware (viruses, worms, Trojans, adware, etc.) using Kaspersky Virus Removal Tool or Kaspersky Rescue Disk 10 (if Kaspersky Virus Removal Tool does not start or freezes in advanced mode).

Kaspersky Virus Removal Tool 2015 can be launched directly from a running Windows in normal or safe mode. This program does not conflict with an already installed antivirus and can be removed after use.

To use Kaspersky Rescue Disk 10 you first need to burn the image to a CD or DVD or write it to a flash drive. The disk boots instead of Windows, which allows it to detect and neutralize particularly complex malware that, under a running Windows, hides its presence through rootkit techniques.

2) If you have one of the Kaspersky Lab products installed (for example, / / ), enable detection of potentially unwanted software in your product.

To do this, go to the main program window – Settings – Advanced – Threats and exclusions settings, and check the box "Detect other programs".
Run the database update and, when it has finished, restart your computer. This will allow you to obtain and apply new virus databases for neutralizing adware. Then run a full virus scan.

Malwarebytes
Founded in 2004, Malwarebytes has been helping users remove malware from their computers and work safely on the Internet. Moreover, your computer remains protected against viruses for free. The company has created a number of products that will help you keep your computer safe and reliable without slowing down your applications.

Malwarebytes has developed a number of tools that can identify and remove malware from a computer. When your computer is infected, Malwarebytes can provide the assistance you need to remove the virus and restore your computer to optimal performance. The most common products are:

Malwarebytes' Anti-Malware - Have you ever thought about how to make protection against malware more effective? Malwarebytes has created an easy-to-use and effective anti-malware tool.
Whether you know it or not, your computer is always at risk of infection by viruses, worms, Trojans, rootkits, dialers, spyware and other malware, which are constantly evolving and becoming increasingly difficult to detect and remove. Only the most sophisticated anti-malware tools and modern methods can detect and remove such malware from your computer.

Malwarebytes' Anti-Malware is considered the next step in detecting and removing malware. The product contains a number of new technologies designed to quickly detect, destroy and prevent the operation of malware.
Malwarebytes' Anti-Malware can detect and remove malware that even the best-known anti-virus and anti-malware applications cannot detect.
Malwarebytes' Anti-Malware monitors every process and stops malicious processes before they can start.
The real-time protection module uses advanced heuristic scanning technology that monitors your system to keep it safe. Additionally, there is a threat center that keeps you up to date with the latest malware and threats.

Activation:

The full version offers real-time protection, scheduled scanning, and scheduling updates.
For consumers and personal use, the fee is only RUB 800.67.
For corporate clients, no annual license required.

Main Features
* Supports Windows 2000, XP, Vista and 7 (32-bit and 64-bit).
* Availability of fast scanning mode.
* Ability to scan all drives.
* Malwarebytes' anti-malware module. (Registration required)
* Daily database update.
* Quarantine for threats with the possibility of recovery.
* Ignore list for scanning and protection modules.
* Settings to improve Malwarebytes' Anti-Malware performance.
* A small list of additional utilities to help you remove malware manually.
* Multilingual support.
* Works in conjunction with other anti-malware utilities.
* Command-line support for performing a quick scan.
* Integration into the context menu to scan files on demand.

Usage:

Simply download Malwarebytes' Anti-Malware from one of the links below. Double-click the downloaded file to install the application on your computer. After installation, double-click the Malwarebytes' Anti-Malware icon on your desktop to launch the program. Once the app is open, select Scan and the app will guide you through the remaining steps.

  • Version: 1.46
  • File size: 5.86 MB
  • Language: Russian, English, Belarusian, Bosnian, Bulgarian, Catalan, Chinese Simplified, Chinese Traditional, Croatian, Czech, Danish, Dutch, Estonian, Finnish, French, German, Greek, Hebrew, Hungarian, Italian, Korean, Latvian, Macedonian, Norwegian, Polish, Portuguese, Romanian, Serbian, Slovak, Slovenian, Spanish, Swedish, Turkish.

mbam-setup-1.46.exe | 6009.13 KB | Downloaded: 1542 times

StartUpLite - The most common complaint in the computer world is from users about the slow startup of their computer. Everyone wants to know how to speed up the startup process. There are, of course, many solutions to this problem; Malwarebytes has created a safe, easy and effective way to eliminate unnecessary applications that start when you turn on the computer: StartUpLite.

StartUpLite is a lightweight and easy-to-use program that lets you speed up your system startup safely and effectively. The program allows you to disable or remove unnecessary startup entries from your computer. Using StartUpLite, you can significantly reduce loading times with just a few clicks.

Usage: Simply download StartUpLite from the link below and save it somewhere convenient. Double-click StartUpLite.exe.

StartUpLite_Version 1.07.exe | 199.7 KB | Downloaded: 147 times

FileASSASSIN - Chances are you've frequently encountered one or more of the following messages:

1. Cannot delete file: Access is denied.
2. Make sure the disk is not full or write-protected and that the file is not currently in use.
3. Source or final file may be in use.
4. The file is being used by another program or user.

These are very common messages that occur when trying to delete files, often because of malware infecting applications on the system. Malwarebytes is very familiar with these messages, which is why they created FileASSASSIN.

FileASSASSIN is an application that can remove any type of locked file on your computer. Whether it is a file left by a malware infection or just a specific file that Windows will not delete, FileASSASSIN removes it.
The program uses advanced programming techniques to unload modules, close remote connections and terminate various processes in order to delete the protected file. Please use with caution, as removing important system files may cause system errors.

Usage:
Simply download FileASSASSIN from the link below. If you chose the portable version, simply extract and run the application; otherwise run the installer. In FileASSASSIN, select the file by dragging it onto the text area or choose it using the program's file dialog. Next, select a removal method from the list. Finally, click Run and the removal process will begin.

  • Version: 1.06
  • File size: 163.12 KB
  • Operating system: Microsoft® Windows 2000, XP, Vista.
  • Language: English, Spanish.

fa-setup.exe | 163.12 KB | Downloaded: 542 times

RegASSASSIN - A common problem: when a computer is infected with malware, the malware creates numerous keys in the system registry, most of which are very difficult to remove. Malwarebytes has created an application to fix this problem: RegASSASSIN.

RegASSASSIN is a portable application. It allows you to delete registry keys by resetting the key's permissions and then removing it. Please use with caution, as deleting critical registry keys may cause system errors.

Usage: Simply download RegASSASSIN from the link below. Once downloaded, double-click RegASSASSIN.exe. Then enter the registry key that you want to delete or reset and click the Delete button.

  • Version: 1.03
  • File size: 63.70 KB
  • Operating system: Microsoft® Windows 2000, XP, Vista.
  • Language: English only.

RegASSASSIN.exe | 63.7 KB | Downloaded: 554 times

Malware, Trojans and Threats

Most computers are connected to a network (the Internet, a local network), which simplifies the spread of malware (according to Russian standards such programs are called "destructive software", but because this term is not widely used, the term "malware" will be used in this review; in English they are called malware). Such programs include Trojan horses (also known simply as Trojans), viruses, worms, spyware, adware, rootkits and various other types.

Another plus is that MBAM rarely causes any conflicts with other anti-malware utilities.

Free Trojan Scanner SUPERAntiSpyware

In addition to spyware, this program scans for and removes other types of threats, such as dialers, keyloggers, worms, rootkits, etc.

The program has three types of scan: quick, full or custom system scan. Before scanning, the program prompts you to check for updates so that you are immediately protected from the latest threats. SAS has its own blacklist: a list of 100 examples of various DLL and EXE files that should not be on your computer. When you click on any item in the list, you get a full description of the threat.

One of the important features of the program is Hi-Jack protection, which does not allow other applications to terminate the program (with the exception of Task Manager).

Unfortunately, the free version of this program does not support real-time protection, scheduled scans, and a number of other functions.

More programs

Other free Trojan scanners not included in the review:

  • Rising PC Doctor (no longer available; you may still find older versions on the Internet) - Trojan and spyware scanner. Offers automatic protection against a number of Trojans. It also offers the following tools: startup management, process manager, service manager, File Shredder (a program for deleting files so that they cannot be restored) and others.
  • FreeFixer - scans your system and helps remove Trojans and other malware. But the user is required to interpret the program's results correctly. Particular care must be taken when deciding to remove important system files, as this may damage your system. However, there are forums where you can ask for advice if you are in doubt about a decision (links to the forums are on the website).
  • Ashampoo Anti-Malware (unfortunately, it has become a trial version; perhaps earlier versions can still be found on the Internet) - initially this product was commercial only. The free version provides real-time protection and also offers various optimization tools.

Quick selection guide (links to download Trojan scanners)

Emsisoft Anti-Malware

Scans for and removes Trojans, worms, viruses, spyware, trackers, dialers, etc. Easy to use.
The free version is very limited. Missing: automatic updates, real-time file protection, scheduled scanning, etc.
Unfortunately, it has become a trial version. Perhaps earlier versions can still be found on the Internet.
www.emsisoft(.)com

PC Tools ThreatFire

Proactive protection against known and unknown Trojans, viruses, worms, spyware, rootkits and other malware.
Automatic updates are not provided if you have declined to participate in the ThreatFire community. Version 4.10 has not changed since November 2011.
