Malwarebytes - remove viruses, worms, trojans, rootkits, dialers, spyware. How to cure a computer from viruses, worms and trojans for free? Download antivirus to remove trojans

Detecting a Trojan that your antivirus missed and that slipped past your firewall is sometimes not a trivial task. But it is not impossible: any action leaves traces in the system, and that is the principle behind detecting a Trojan. I warn you right away: this article offers no quick and easy solutions. Sorry that there will be few links to programs; there are a lot of names, and you will have to search for them yourself. Not all of them will work for you. I'll show you how to find the Trojan, but detecting a Trojan does not mean curing it.

How to detect a trojan? Let's check the open ports.

If there is a Trojan, its purpose is most likely to send some information to the hacker. For that it needs a dedicated channel, and the entrance to that channel is one of the system's ports. That port will (most likely) be one of those the system does not use, that is, one of the reserved ones. So the task at this stage is simple: carefully study the open ports, and keep track of which processes use them and which addresses the information is sent to.

On Windows operating systems, a quick way to start is the netstat command with the -an flag (if you use a router to access the Internet, this approach is somewhat less effective, but read to the end). Type netstat -an in the command console right now.

The external address column (Foreign Address on English-language Windows) has the form IP address:port.

However, third-party programs will give you more detailed information. Personally, I use the utilities TCPView, CurrPorts and IceSword. This information is not always conclusive, since the process may be lying low for the time being and the port is not necessarily open at this very moment, but sometimes it is worth checking.
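As an added example (not part of the original article), the Python code below parses netstat output into records, lists listening TCP ports that are missing from a known-good list, and lists established connections to addresses outside the local ranges. The sample text, the known-good port set and the function names are constructed for illustration; it assumes the -o flag is added (netstat -ano) so that each port can be tied to a process ID.

```python
import ipaddress
from collections import namedtuple

# Constructed `netstat -ano` sample (documentation-range addresses, made-up PIDs).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:48620          0.0.0.0:0              LISTENING       4120
  TCP    127.0.0.1:5354         127.0.0.1:49670        ESTABLISHED     2216
  TCP    192.168.1.20:49712     203.0.113.45:8080      ESTABLISHED     4120
  TCP    192.168.1.20:49720     192.168.1.1:445        ESTABLISHED     4
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1788
"""

Conn = namedtuple("Conn", "proto local_ip local_port remote_ip remote_port state pid")

# Ranges treated as local: loopback, RFC 1918, link-local, IPv6 unique-local.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def _split(endpoint):
    """Split 'ip:port' or '[v6%zone]:port' into (ip, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port

def parse_netstat(text):
    """Parse `netstat -an` or `netstat -ano` output into Conn records."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 3 or f[0] not in ("TCP", "UDP"):
            continue                       # banner, header and blank lines
        (lip, lport), (rip, rport) = _split(f[1]), _split(f[2])
        rest = f[3:]
        # UDP rows have no State column; the PID column exists only with -o.
        state = rest.pop(0) if f[0] == "TCP" and rest else ""
        pid = int(rest[0]) if rest and rest[0].isdigit() else None
        conns.append(Conn(f[0], lip, int(lport), rip, rport, state, pid))
    return conns

def unexpected_listeners(conns, expected_ports):
    """(port, pid) of listening TCP sockets not on the known-good list."""
    return sorted({(c.local_port, c.pid) for c in conns
                   if c.state == "LISTENING" and c.local_port not in expected_ports})

def external_peers(conns):
    """(ip, port, pid) of established connections leaving the local ranges."""
    peers = []
    for c in conns:
        if c.state == "ESTABLISHED":
            addr = ipaddress.ip_address(c.remote_ip)
            if not any(addr in net for net in INTERNAL):
                peers.append((c.remote_ip, int(c.remote_port), c.pid))
    return peers

if __name__ == "__main__":
    conns = parse_netstat(SAMPLE)
    print("unexpected listeners:", unexpected_listeners(conns, {135, 445}))
    print("external peers:", external_peers(conns))
```

A PID that shows up in both lists, like 4120 in the constructed sample, is the one to look up first in the process tools from the next section.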

How to detect a trojan? Check running processes.

  • Autoruns
  • KillProcess
  • HijackThis
  • PrcView
  • Winsonar
  • HiddenFinder
  • Security Task Manager
  • Yet Another Process Monitor

In general, look at the running processes often, and in different ways.

How to detect a trojan? Check the registry.

What is the first thing a Trojan will do? It needs to run, and in Windows there are several directories and settings for this. And all of them are reflected in the registry settings. Windows automatically executes the instructions defined by these registry keys:

  • Run
  • RunServices
  • RunOnce
  • RunServicesOnce
  • HKEY_CLASSES_ROOT\exefile\shell\open\command

Thus, scanning these registry keys and their values for suspicious entries can reveal a Trojan infection: a Trojan can insert its own instructions into these keys so that it gets launched. There are also many utilities for detecting a Trojan in the registry, for example:

  • SysAnalyzer
  • All Seeing Eyes
  • Tiny Watcher
  • Registry Shower
  • Active Registry Monitor

How to detect a trojan? It might be in device drivers.

Trojans are often downloaded under the guise of device drivers, using those devices as cover. Obscure “driver download” sites on the network are to blame. Doesn't it remind you of anything? The system often warns that the driver's digital signature is missing, and not without reason.

So do not rush to install whatever you have downloaded from the network, and do not believe your eyes: trust only official sources. The following utilities are available online for monitoring drivers:

  • DriverView
  • Driver Detective
  • Unknown Device Identifier
  • DriverScanner
  • Double Driver

How to detect a trojan? Check the services.

Trojans can run some Windows system services on their own, allowing a hacker to take control of a machine. To do this, the Trojan gives itself the name of a service process in order to avoid detection by the antivirus. A rootkit technique is used to manipulate a registry key that, unfortunately, offers plenty of places to hide:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services

This means that we will have to stock up on utilities for monitoring running services. These include:

  • smart utility
  • Process Hacker
  • Netwrix Service Monitor
  • Service Manager Plus
  • Anvir Task Manager and more

How to detect a trojan? Isn't it in autoload?

What do we mean by autoload? No, my dears, it is not only the list of entries in the folder of the same name (Startup); that would be too simple. First of all, it covers the following parts of Windows:

  • the complete list of Windows services shown by the console of the same name: Run (Win+R), then services.msc. I advise you to open it, sort by Startup type and carefully study all services set to start Automatically.
  • the folder with automatically loaded drivers: the well-known C:\Windows\System32\Drivers (there were times when I checked each driver by hand)
  • anything can happen, so take a look at the file (for Windows XP it is) for extraneous inclusions. The easiest way to do this is to call the System Configuration utility: WIN + R-
  • and while you're here, go to the tab that lists programs loaded at startup. In the Startup tab, we usually look for programs that slow down system startup. However, you can also find a Trojan there.

msconfig in Windows XP (almost unchanged for other versions)

and here is the Configuration window for Windows 7

  • and now check the folder (make sure the system is set to display system files and folders as well as hidden ones):

This is not a complete list of branches. If you want to know which programs start with Windows, you can look at their list in the article ““. Utilities with which you can monitor the startup locations include:

  • Starter
  • Security Autorun
  • Startup Tracker
  • Program Starter
  • Autoruns

How to detect a trojan? Check suspicious folders.

It is common for a Trojan to change system folders and files. You can check this in several ways:

  • FCIV is a command line utility for calculating MD5 or SHA1 file hashes
  • SIGVERIF - checks the integrity of critical files that are digitally signed by Microsoft
  • TRIPWIRE - scans and reports changes to critical Windows files
  • MD5 Checksum Verifier
  • SysInspect
  • Sentinel
  • Verisys
  • WinMD5
  • FastSum
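The idea behind these tools, as an added Python example that is not from the original article: record a hash for every file in a folder while the system is known to be clean, then compare later and report what was added, removed or changed. It uses SHA-256 rather than the MD5 or SHA1 that FCIV computes; the function names and the JSON baseline format are assumptions of this example.

```python
import hashlib
import json
import os

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def snapshot(root):
    """Map every file under root (by relative path) to its SHA-256 digest."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                result[rel] = sha256_file(full)
            except OSError as exc:
                # Locked or unreadable file: record that fact instead of
                # silently skipping it, so it still shows up in a comparison.
                result[rel] = "unreadable: " + type(exc).__name__
    return result

def compare(baseline, current):
    """Report files added, removed or modified since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def save_baseline(baseline, path):
    """Write the baseline as JSON (hypothetical format for this example)."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(baseline, fh, indent=1, sort_keys=True)

def load_baseline(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)

if __name__ == "__main__":
    import sys
    folder, baseline_file = sys.argv[1], sys.argv[2]
    if os.path.exists(baseline_file):
        print(compare(load_baseline(baseline_file), snapshot(folder)))
    else:
        save_baseline(snapshot(folder), baseline_file)
        print("baseline written to", baseline_file)
```

Keep the saved baseline on removable or read-only media, since anything that can modify system files can also modify a baseline stored next to them.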

How to detect a trojan? Check the network activity of applications

A Trojan is pointless if it generates no network activity. To check what information is leaking from the system, use network scanners and packet sniffers to monitor network traffic that sends data to suspicious addresses. A good tool here is Capsa Network Analyzer: its intuitive engine presents detailed information that helps you check whether a Trojan is running on your computer.

Good luck to all of us.

Malwarebytes
Founded in 2004, Malwarebytes has been helping users remove malware from their computers and ensure a safe browsing experience all along. Moreover, your computer remains protected from viruses for free. The company has created a range of products to help you keep your computer safe and secure without slowing down your applications.

Malwarebytes has developed a range of tools that can identify and remove malware from a computer. When a computer is infected, Malwarebytes can provide the assistance needed to remove the virus, repair the computer and restore it to optimal performance.
The most common products are:

Malwarebytes' Anti-Malware - Have you ever wondered how to make malware protection more effective? Malwarebytes has made an easy-to-use and effective anti-malware tool.
Whether you know it or not, your computer is always at risk of infection by viruses, worms, Trojans, rootkits, dialers, spyware and other malware, which are constantly evolving and becoming more difficult to detect and remove. Only the most sophisticated anti-malware software and modern techniques can detect and remove these malicious programs from your computer.

Malwarebytes' Anti-Malware is considered the next step in malware detection and removal. The product includes a number of new technologies designed to quickly detect, destroy, and prevent malware.
Malwarebytes' Anti-Malware can detect and remove malware that even the best-known anti-virus and anti-malware applications cannot detect.
Malwarebytes' Anti-Malware keeps track of each process and stops malicious processes before they have time to start.
The real-time protection module uses advanced heuristic scanning technology that monitors your system to keep the system safe. In addition, there is a threat center that will keep you up to date with the latest malware and threats.

Activation:

The full version unlocks real-time protection, scheduled scans, and scheduled updates.
For consumers and personal use, the fee is only 800.67 rubles.
For corporate clients, an annual license is required.

Main characteristics
* Support for Windows 2000, XP, Vista and 7 (32-bit and 64-bit).
* Availability of quick scan mode.
* Ability to scan all drives.
* Malwarebytes' anti-malware module. (Requires registration)
* Daily database update.
* Quarantine for threats with the ability to recover.
* Ignore list for scanning and protection modules.
* Settings to improve Malwarebytes' Anti-Malware performance.
* A small list of additional utilities to help remove malware manually.
* Multilingual support.
* Works in conjunction with other anti-malware utilities.
* Command-line support for performing a quick scan.
* Integration into the context menu to check files on demand.

Usage:

Just download Malwarebytes' Anti-Malware from one of the links below. Double click on the downloaded file to install the application on your computer. After installing the application, double-click the Malwarebytes’ Anti-Malware icon on your desktop to launch the program. When the app is open, select scan and the app will guide you through the rest of the steps.

  • Version: 1.46
  • File size: 5.86MB
  • Language: Russian, English, Belarusian, Bosnian, Bulgarian, Catalan, Chinese Simplified, Chinese Traditional, Croatian, Czech, Danish, Dutch, Estonian, Finnish, French, German, Greek, Hebrew, Hungarian, Italian, Korean, Latvian, Macedonian, Norwegian, Polish, Portuguese, Romanian, Serbian, Slovak, Slovenian, Spanish, Swedish, Turkish.


StartUpLite - The most common problem in the computer world is that many users complain about the slow start of the computer. Everyone wants to know how to speed up the startup process. Of course, there are many solutions to this problem; Malwarebytes has created a safe, easy and effective way to eliminate unnecessary applications that run when the computer is turned on: StartUpLite.

StartUpLite is a lightweight and easy-to-use program that lets you speed up system startup safely and efficiently. The program allows you to disable or remove unnecessary startup entries from your computer. With StartUpLite, you can greatly reduce your boot time with just a few clicks.

Usage: Simply download StartUpLite from the link below and save it to a convenient location. Double-click StartUpLite.exe.

  • Version: 1.07
  • File size: 199.70KB
  • Operating system:
  • Language: English.


FileASSASSIN - Chances are you've seen one or more of the following messages frequently:

1. Unable to delete file: Permission denied.
2. Make sure the disk is not full or write-protected and that the file is not currently in use.
3. The source or destination file may be in use.
4. The file is being used by another program or user.

These are very common messages that appear when trying to delete files, often because of malware infections on the system. Malwarebytes is well aware of these messages, which is why they created FileASSASSIN.

FileASSASSIN is an application that can remove any type of locked file on your computer. Whether the files come from a malware infection or it is just one particular file that Windows will not delete, FileASSASSIN deletes it.
The program uses advanced programming techniques to unload modules, close remote handles, and terminate various processes in order to delete a protected file. Please use it with caution, as deleting important system files may cause system errors.

Usage:
Just download FileASSASSIN from the link below. If you chose the portable installation, just unzip and run the application; otherwise run the installer. Then, in FileASSASSIN, select the file by dragging it onto the text area or by choosing it from within the program. Next, select the removal method from the list. Finally, select Run and the removal process will begin.

  • Version: 1.06
  • File size: 163.12KB
  • Operating system: Microsoft® Windows 2000, XP, Vista.
  • Language: English, Spanish.


RegASSASSIN - A common problem on a computer with malware is that numerous registry keys are created in the system registry, most of which are very difficult to remove. Malwarebytes has created an application to fix this problem: RegASSASSIN.

RegASSASSIN is a portable application. The program allows you to delete a registry key by resetting the key's permissions and then deleting it. Please use it with caution, as deleting critical registry keys may cause system errors.

Usage: Simply download RegASSASSIN from the link below. Once downloaded, double click RegASSASSIN.exe. Then enter the registry key you want to delete or reset and click the Delete button.

  • Version: 1.03
  • File size: 63.70KB
  • Operating system: Microsoft® Windows 2000, XP, Vista.
  • Language: Only English.


Malware, Trojans and Threats

Most computers are connected to a network (the Internet or a local network), which makes it easier for malicious programs to spread (under Russian standards such programs are called "destructive software", but since that term is not common, this review uses the term "malicious programs"; in English they are called malware). These programs include trojans (also known as Trojan horses), viruses, worms, spyware, adware, rootkits, and various other types.

Another plus is that MBAM rarely causes any conflicts with other anti-malware utilities.

Free Trojan Scanner SUPERAntiSpyware

In addition to spyware, this program scans and removes other types of threats such as dialers, keyloggers, worms, rootkits, etc.

The program has three types of scans: quick, full or custom system scan. Before scanning, the program offers to check for updates to immediately protect you from the latest threats. SAS has its own blacklist. This is a list of 100 examples of various DLLs and EXEs that should not be on the computer. When you click on any of the items in the list, you will get a full description of the threat.

One of the important features of the program is the presence of Hi-Jack protection, which prevents other applications from terminating the program (except Task Manager).

Unfortunately, the free version of this program does not support real-time protection, scheduled scans, and a number of other features.

More programs

Other free trojan scanners not included in the review:

  • Rising PC Doctor (no longer available, you can still find old versions on the Internet) - Trojan and spyware scanner. Offers automatic protection against a number of Trojans. It also offers the following tools: startup management, process manager, service manager, File Shredder (a program for deleting files, without the possibility of recovering them) and others.
  • FreeFixer - will scan your system and help you remove Trojans and other malware. But, the user is required to correctly interpret the results of the program. Particular care must be taken when deciding to remove important system files, as this can damage your system. However, there are forums where you can consult if in doubt about the decision (links to the forums are on the site).
  • Ashampoo Anti-Malware (Unfortunately, it has become a trial version. It is possible that earlier versions can still be found on the Internet) - initially this product was only commercial. The free version provides real-time protection and also offers various optimization tools.

Quick Guide (Trojan Scanner Download Links)

Emsisoft Anti-Malware

Scans and removes trojans, worms, viruses, spyware, trackers, dialers, etc. Easy to use.
The free version is severely limited. Not available: automatic updates, real-time file protection, scheduled scans, etc.
Unfortunately, it has become a trial. Perhaps earlier versions can still be found on the Internet.
www.emsisoft(.)com

PC Tools ThreatFire

Proactive protection against known and unknown trojans, viruses, worms, spyware, rootkits and other malware.
Automatic updates are not provided if you have opted out of the ThreatFire community. Version 4.10 has not changed since November 2011.

Do you want to get rid of malware (viruses, worms, trojans, etc.), even if you have not previously installed ? Below is a simple and time-tested instruction that will help anyone who wants to do it on their own, and most importantly, completely free of charge!

So what do you need to cure your computer of viruses, worms and trojans?

  1. Access to the Internet. Well, since you are reading this, you have it.))
  2. A “clean” computer, if you cannot access the sites below on your computer.
    If there is access, we perform everything immediately on the “infected” computer.
  3. A little diligence and patience.
    The treatment procedure will require a clear implementation of the instructions and will take some time.

And now the instructions themselves for disinfecting a computer:

1) Check your computer for malware (viruses, worms, trojans, adware, etc.) using or Kaspersky Rescue Disk 10 (if Kaspersky Virus Removal Tool does not start or freezes even in extended mode).

Kaspersky Virus Removal Tool 2015 can be run directly from within a running Windows session, in normal or safe mode. This program does not conflict with an already installed antivirus, and can be removed after use.

To use Kaspersky Rescue Disk 10, you first need to burn the image to a CD or DVD or write it to a flash drive. The disk boots instead of Windows, which makes it possible to detect and neutralize particularly complex malware that, while Windows is running, can hide its presence by using rootkit technologies.

2) If you have one of the Kaspersky Lab products installed (for example, / / ), enable detection of potentially unwanted software in the product.

To do this, go to the main program window - settings - advanced - settings for threats and exclusions - check the box "Detect other programs".
Run the database update and restart the computer when it is finished. This will allow the product to download and load the new virus databases for neutralizing adware. Run a full virus scan.
