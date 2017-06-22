Phrozen RunPE Detector 2.0

Detect some hidden malware in seconds

22 June 2017

Windows

Mike Williams

Our Rating: 3.5
Date: 22-06-2017
Award: None
License: Freeware
Developer: Phrozen Software

Malware uses many tricks to hide its process, and one of the most common is known as RunPE. Essentially this involves starting a known and trusted process – Explorer.exe, say – then replacing its code with the malware’s own.

Phrozen RunPE Detector is a free tool which scans the headers of your processes in memory, and compares them to their disk images. If a process has been exploited by RunPE then there should be a difference, and you’ll see an alert.

Phrozen RunPE Detector can even try to remove whatever malware it detects, although we wouldn’t rely on it being successful: if you find something, then we’d recommend using a full-strength antivirus engine to investigate further.

The other small bonus here is that Phrozen RunPE Detector allows you to close multiple processes in a single operation (right-click, Kill…).

Note also that the program can’t yet scan 64-bit processes (though it can check 32-bit processes on 64-bit Windows).

