Uncover hidden malware with RunPE Detector
<blockquote data-quote="Venustus" data-source="post: 402374" data-attributes="member: 4295"><p>Handy little tool!!</p><p><img src="http://betanews.com/wp-content/uploads/2015/06/RunPE-Detector.jpg" alt="" class="fr-fic fr-dii fr-draggable " style="" /> </p><p>Malware uses many tricks to hide its process, and one of the most common is known as RunPE.</p><p>Essentially this involves starting a known and trusted process -- Explorer.exe, say -- in a suspended state, replacing its code with the malware’s own, then starting it up. Even running something like Process Explorer won’t reveal any problems unless you look very, very closely.</p><p></p><p>It's a free tool which scans the headers of your processes in memory, and compares them to their disk images. It sounds too simple a technique, but it really does work: if a process has been exploited by RunPE then there should be a difference, and you’ll see an alert.</p><p></p><p>The program tries to go further by giving you the option to remove whatever malware it detects. It’s good to see the developer has some ambition, but it’s a difficult task, and we wouldn’t rely on it being successful. If you do find a problem, use a full-strength antivirus engine to investigate further.</p><p></p><p>Phrozen RunPE Detector doesn’t do a great deal. It only detects RunPE-compromised processes, and even then, only if they’re 32-bit (<strong><span style="color: #ff0000">64-bit scanning is apparently coming soon</span></strong>).</p><p></p><p><a href="https://www.phrozensoft.com/freeware" target="_blank">https://www.phrozensoft.com/freeware</a></p></blockquote><p></p>
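The header comparison described in the post, as an added example that is not part of the original post and is not Phrozen's code: it parses a handful of PE32 header fields from two byte buffers (the on-disk image and a copy of the header as it appears in memory) and reports the fields that differ. The buffers are constructed sample data, and the choice of fields and all function names are assumptions of this example; reading a live process's memory is left out.

```python
import struct

PE32_MAGIC = 0x10B  # 32-bit optional header, the only kind the post says is scanned
# name -> (offset from the COFF header, struct format); the selection is an assumption
FIELDS = {
    "NumberOfSections": (2, "<H"),
    "TimeDateStamp": (4, "<I"),
    "SizeOfCode": (20 + 4, "<I"),
    "AddressOfEntryPoint": (20 + 16, "<I"),
    "SizeOfImage": (20 + 56, "<I"),
}
# ImageBase is left out: the loader rewrites it in memory when it relocates an image.

def parse_pe_header(buf):
    """Extract the compared fields from the start of a PE32 image."""
    if buf[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    if struct.unpack_from("<H", buf, coff + 20)[0] != PE32_MAGIC:
        raise ValueError("not a PE32 image")
    return {n: struct.unpack_from(f, buf, coff + o)[0] for n, (o, f) in FIELDS.items()}

def compare_headers(disk, memory):
    """Return {field: (disk_value, memory_value)} for every field that differs."""
    d, m = parse_pe_header(disk), parse_pe_header(memory)
    return {n: (d[n], m[n]) for n in FIELDS if d[n] != m[n]}

def build_header(**values):
    """Constructed sample data: a minimal PE32 header, not a real binary."""
    buf = bytearray(0x100)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)          # e_lfanew
    buf[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x84 + 20, PE32_MAGIC)
    for name, value in values.items():
        offset, fmt = FIELDS[name]
        struct.pack_into(fmt, buf, 0x84 + offset, value)
    return bytes(buf)

DISK = build_header(NumberOfSections=4, TimeDateStamp=0x5571A000, SizeOfCode=0x20000,
                    AddressOfEntryPoint=0x1A2B0, SizeOfImage=0x2A000)
HOLLOWED = build_header(NumberOfSections=3, TimeDateStamp=0x4F000000, SizeOfCode=0x5000,
                        AddressOfEntryPoint=0x1000, SizeOfImage=0x9000)

if __name__ == "__main__":
    print("clean   :", compare_headers(DISK, DISK))
    for field, (on_disk, in_mem) in compare_headers(DISK, HOLLOWED).items():
        print(f"MISMATCH {field}: disk={on_disk:#x} memory={in_mem:#x}")
```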