WinMHR: Free Malware Detector

WinMHR is a free security tool that provides a similar function as the VirusTotal website but with some additional features, and more to come. WinMHR is not a replacement for antivirus but it works great in conjunction with one (I’d recommend Avast! for a free antivirus.).

The name stands for Windows Malware Hash Registry, which largely describes its functionality. WinMHR will calculate a hash for a file and then check against its database to see if it has identified that file to be related to malware.

The software comes in the form of an 8MB installer and takes up 26MB of RAM while running. WinMHR works on Windows XP SP3, Vista, Windows Server 2008, and Windows 7. It is completely free with no ads, reminders, or paid versions.

You can set it to run when Windows starts or only be on-demand. The advantage of WinMHR is that your files remain private. The hashing is done locally and only the hash is sent across the wire to the Team Cymru servers.

The interface is simple enough and is logical for WinMHR’s tasks. The Summary tab allows you to drag-and-drop files or folders into the application and initiate the process of analyzing them. You can also get a quick read-out of whether current running processes or previously scanned files are known malware.

Beyond the Summary tab, you can view current running processes to see if any malware is detected running in the background.

The Files tab allows you to view a summary of any files you’ve had scanned by WinMHR. It shows you the name, hashes, status, and other factors of any files so that if malware does show up you can more easily track down the source and eliminate it.

Upcoming features (based on comments from Krebs on Security):

  • Ability to report false positives
  • Ability to monitor a specific folder
  • Firefox Add-on version

Pros:

Cons:

  • Unable to scan 64-bit processes.
  • Doesn’t help remove malware, just detect it.
  • Odd situation from my experience: Launching WinMHR starts up WISPTIS.exe, Microsoft Tablet PC Components, and freezes my mouse until I kill the WISPTIS process.

Check out WinMHR from Team Cymru to complement your current computer security. On their website you can also find a bit more explanation and a video detailing the program. You might compare WinMHR to a similar tool for VirusTotal, VirusTotal Uploader, to add to your security toolbox but with VT, you will be uploading the files to their servers.


 
 
 
Jason
Jason Hamilton writes the occasional post for FreewareGenius when he finds software worth recommending and the time. He is a full-time system administrator and writes more frequently at 404 Tech Support and AssumeAwesome.
flattr this!
  • tester

    where do you download this? Can you provide download link?

  • Stephen Fletcher

    Can’t seem to download this?

  • http://www.404techsupport.com/ Jason H

    @tester, @Stephen

    You can download it from this link:
    http://media.team-cymru.org/WinMHR/installers/1.0/WinMHR%20Setup.exe

    There was a download button on the page linked to in the article as of last night and I obviously downloaded it before in order to get those screenshots, so I’m not sure why the link was removed.

  • http://www.team-cymru.org Tam Cymru

    Hi folks, I’m Dave Monnier of Team Cymru.

    Our sincere apologies for removing the link. We discovered a problem with the supporting systems to WinMHR that we felt might negatively impact the user experience of WinMHR. We felt it very important to release a great tool with as few issues as possible. As a result, we’ve had to temporarily delay the release of the tool. We don’t expect much delay but have no ETA at the moment.

    Please stay tuned!

  • MikeT

    This certainly looks interesting … would love to test it if/when the download problem is solved …

  • Justin