MalwareCleaning

Saturday, October 23, 2010

WinMHR: Free Malware Detector

Posted on 6:48 AM by Unknown

Today I checked out WinMHR brought to you by: Team Cymru

Now, what exactly is WinMHR? (This is copied from the website.)

WinMHR is...


  • Free - No ads, reminders, or disabled features - for both non-commercial and commercial use.
  • Private - No files or any content is sent across the network.
  • Fast - No heavy analysis is done on your PC. Our servers take care of the heavy lifting.
  • Accurate - We aggregate results of over 30 anti-virus engines, so we detect a far greater percentage of malware than a single, traditional anti-virus product.
  • Up-to-Date - No "definition" or "signature" files need to be downloaded, all updates are done on our servers.
  • Easy to Use - A more user-friendly, point-and-click interface for our established and proven MHR service.

WinMHR is NOT...


  • intended as a replacement of traditional anti-virus, it is an augmentation of your existing anti-virus.
  • a malware removal or blocking tool; it is a malware detection tool.

I tested WinMHR on 10 samples of the infamous rogue AV 'Security Tool':
2 out of 10 samples are known malware


When you first start WinMHR, it does a scan of your running processes. This makes it very easy to view MD5s of all running processes, as well as which modules are loaded under each process.


Down below you can find an additional video on how to use WinMHR:

Link: http://media.team-cymru.org/WinMHR/movies/introduction.mov

You can download WinMHR from here.


Conclusion:

WinMHR is a good tool for getting a second opinion, but if you really want to be sure about the validity of a file (malware/goodware), I advise also using the VirusTotal Uploader or VT Uploader (http://www.virustotal.com/advanced.html).
Simply right click a file and send it to VirusTotal.

The big difference between WinMHR and VirusTotal is that WinMHR will not upload your file, it will only check the MD5 checksum. If you send a file to VirusTotal, you will upload it to their servers, and they can decide what to do with it.
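
The hash-only check described above can be sketched as follows. This is an added example, not WinMHR's or Team Cymru's code: the local set of known hashes stands in for the remote service, and the file names, contents and helper names are constructed for illustration. It also shows a limit of exact-hash lookups: a file that differs by a single byte has a different MD5 and is not recognised.

```python
import hashlib
import os
import tempfile

def md5_of_file(path, chunk_size=65536):
    """Stream the file through MD5 so large binaries are not loaded into memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def check_files(paths, lookup):
    """Return {path: (md5, verdict)}; only the hex digest is passed to lookup()."""
    results = {}
    for path in paths:
        checksum = md5_of_file(path)
        results[path] = (checksum, lookup(checksum))
    return results

def make_local_lookup(known_bad):
    """Assumed stand-in for the remote hash registry: a set of known-malware MD5s."""
    known = {h.lower() for h in known_bad}
    return lambda checksum: "known malware" if checksum in known else "no data"

def demo():
    """Constructed sample: two harmless files that differ by one trailing byte."""
    workdir = tempfile.mkdtemp()
    original = os.path.join(workdir, "sample_a.bin")
    variant = os.path.join(workdir, "sample_b.bin")
    payload = b"MZ" + b"constructed sample bytes, not real malware" * 100
    with open(original, "wb") as handle:
        handle.write(payload)
    with open(variant, "wb") as handle:
        handle.write(payload + b"\x00")  # one extra byte gives a different MD5
    # Constructed registry: only the first file's hash is listed as known.
    lookup = make_local_lookup([hashlib.md5(payload).hexdigest()])
    return check_files([original, variant], lookup), original, variant

if __name__ == "__main__":
    results, _, _ = demo()
    for path, (checksum, verdict) in results.items():
        print(f"{os.path.basename(path)}  {checksum}  {verdict}")
```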

Keep in mind that WinMHR does not prevent malware, nor can it replace a traditional antivirus. As a supplement it comes in very handy.

Additionally, it would be nice if x64 were supported in the near future.

Link: http://www.team-cymru.org/Services/MHR/WinMHR/

Note: I did not help or contribute in developing this tool, I simply reviewed it.

Posted in antimalware, blog update, malware, team cymru, video, WinMHR
