Malware uses many tricks to hide its process, and one of the most common is known as RunPE. Essentially this involves starting a known and trusted process — Explorer.exe, say — in a suspended state, replacing its code with the malware’s own, then starting it up. Even running something like Process Explorer won’t reveal any problems unless you look very, very closely. Phrozen RunPE Detector is a free tool which scans the headers of your processes in memory, and compares them to their disk images. It sounds too simple a technique, but it really does work: if a process has… [Continue Reading]
via BetaNews http://ift.tt/1CnTpQQ