Saturday, October 23, 2010

WinMHR: Free Malware Detector


Today I checked out WinMHR, brought to you by Team Cymru.

Now, what exactly is WinMHR? (This is copied from the website.)

WinMHR is...


  • Free - No ads, reminders, or disabled features - for both non-commercial and commercial use.
  • Private - No files or any content is sent across the network.
  • Fast - No heavy analysis is done on your PC. Our servers take care of the heavy lifting.
  • Accurate - We aggregate results of over 30 anti-virus engines, so we detect a far greater percentage of malware than a single, traditional anti-virus product.
  • Up-to-Date - No "definition" or "signature" files need to be downloaded, all updates are done on our servers.
  • Easy to Use - A more user-friendly, point-and-click interface for our established and proven MHR service.

WinMHR is NOT...


  • intended as a replacement of traditional anti-virus, it is an augmentation of your existing anti-virus.
  • a malware removal or blocking tool; it is a malware detection tool.

I tested WinMHR on 10 samples of the infamous rogue AV 'Security Tool':
2 out of 10 samples are known malware


When you first start WinMHR, it does a scan of your running processes. This makes it very easy to view MD5s of all running processes, as well as which modules are loaded under each process.


Down below you can find an additional video on how to use WinMHR:

Link: http://media.team-cymru.org/WinMHR/movies/introduction.mov

You can download WinMHR from here.


Conclusion:

WinMHR is a good tool for having a second opinion, but if you really want to be sure about the validity of a file (malware/goodware), I advise also using the VirusTotal Uploader or VT Uploader (http://www.virustotal.com/advanced.html).
Simply right click a file and send it to VirusTotal.

The big difference between WinMHR and VirusTotal is that WinMHR will not upload your file, it will only check the MD5 checksum. If you send a file to VirusTotal, you will upload it to their servers, and they can decide what to do with it.
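The hash-only check described above, sketched as an added example (not WinMHR's code or Team Cymru's API): only a 32-character MD5 digest per file is submitted, and the match is exact, so a file that differs by a single byte is reported as unknown. The `lookup` function and `known_bad` table are hypothetical local stand-ins for the remote service, and the sample files are constructed.

```python
import hashlib
import os
import tempfile

def md5_of_file(path, chunk_size=65536):
    """Stream the file through MD5 so large binaries never sit fully in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_query(paths):
    """Return the only data a hash-lookup client sends: one digest per file."""
    return {path: md5_of_file(path) for path in paths}

def lookup(query, known_bad):
    """Hypothetical stand-in for the remote service: exact-match on the digest."""
    return {path: known_bad.get(md5, "no data") for path, md5 in query.items()}

def demo():
    # Constructed sample data: harmless byte strings standing in for binaries.
    original = b"MZ" + b"\x00" * 1024 + b"constructed sample payload"
    variant = original + b"\x01"  # same content plus one appended byte
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, data in (("sample.exe", original), ("variant.exe", variant)):
            paths[name] = os.path.join(tmp, name)
            with open(paths[name], "wb") as fh:
                fh.write(data)
        # Assumption: the service has only ever seen the original file.
        known_bad = {hashlib.md5(original).hexdigest(): "known malware"}
        query = build_query(paths.values())
        verdicts = lookup(query, known_bad)
        return {name: (query[p], verdicts[p]) for name, p in paths.items()}

if __name__ == "__main__":
    for name, (md5, verdict) in demo().items():
        print(f"{name}: {md5} -> {verdict}")
```

A "no data" result therefore means only that this exact file has not been seen before, not that the file is clean.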

Keep in mind that WinMHR does not prevent malware, nor can it replace a traditional antivirus. As a supplement it comes in very handy.

Additionally, it would be nice if x64 were supported in the near future.


Note: I did not help or contribute in developing this tool, I simply reviewed it.
