Phrozen RunPE Detector 2.0

Detect some hidden malware in seconds



Malware uses many tricks to hide its process, and one of the most common is known as RunPE. Essentially this involves starting a known and trusted process - Explorer.exe, say - then replacing its code with the malware's own.

Phrozen RunPE Detector is a free tool which scans the headers of your processes in memory, and compares them to their disk images. If a process has been exploited by RunPE then there should be a difference, and you'll see an alert.

Phrozen RunPE Detector can even try to remove whatever malware it detects, although we wouldn't rely on it being successful: if you find something, then we'd recommend using a full-strength antivirus engine to investigate further.

The other small bonus here is that Phrozen RunPE Detector allows you to close multiple processes in a single operation (right-click, Kill...).

Note also that the program can't yet scan 64-bit processes (though it can check 32-bit processes on 64-bit Windows).

Verdict ratingsratingsratingsratingsratings

Phrozen RunPE Detector doesn't do very much, but it really can identify RunPE-based malware, and as it's both a) quick and b) no-strings free we'd recommend grabbing a copy for your security toolkit.

Specification: Phrozen RunPE Detector 2.0:

Windows XP,Windows Vista (32 bit),Windows 7 (32 bit),Windows Vista (64 bit),Windows 7 (64 bit),Windows 8,Windows Server,windows 10
Phrozen Software
Date Added:
June 23, 2017

"Recommended For You"

New malware program 'Punkey' infecting point-of-sale systems Choosing between two flavours of Windows