WinMHR: Free Malware Detector


WinMHR is a free security tool that provides a similar function as the VirusTotal website but with some additional features, and more to come. WinMHR is not a replacement for antivirus but it works great in conjunction with one (I’d recommend Avast! for a free antivirus.).

The name stands for Windows Malware Hash Registry, which largely describes its functionality. WinMHR will calculate a hash for a file and then check against its database to see if it has identified that file to be related to malware.

The software comes in the form of an 8MB installer and takes up 26MB of RAM while running. WinMHR works on Windows XP SP3, Vista, Windows Server 2008, and Windows 7. It is completely free with no ads, reminders, or paid versions.

You can set it to run when Windows starts or only be on-demand. The advantage of WinMHR is that your files remain private. The hashing is done locally and only the hash is sent across the wire to the Team Cymru servers.

The interface is simple enough and is logical for WinMHR’s tasks. The Summary tab allows you to drag-and-drop files or folders into the application and initiate the process of analyzing them. You can also get a quick read-out of whether current running processes or previously scanned files are known malware.

Beyond the Summary tab, you can view current running processes to see if any malware is detected running in the background.

The Files tab allows you to view a summary of any files you’ve had scanned by WinMHR. It shows you the name, hashes, status, and other factors of any files so that if malware does show up you can more easily track down the source and eliminate it.

Upcoming features (based on comments from Krebs on Security):

  • Ability to report false positives
  • Ability to monitor a specific folder
  • Firefox Add-on version



  • Unable to scan 64-bit processes.
  • Doesn’t help remove malware, just detect it.
  • Odd situation from my experience: Launching WinMHR starts up WISPTIS.exe, Microsoft Tablet PC Components, and freezes my mouse until I kill the WISPTIS process.

Check out WinMHR from Team Cymru to complement your current computer security. On their website you can also find a bit more explanation and a video detailing the program. You might compare WinMHR to a similar tool for VirusTotal, VirusTotal Uploader, to add to your security toolbox but with VT, you will be uploading the files to their servers.