Saturday, December 24, 2011

PowerTool 4.2 (2011.12.24, english support)

IThurricane (Maker) Blog

Project Home


PowerTool is a free anti-virus & anti-rootkit utility. It offers you the ability to detect,
analyze and fix various kernel structure modifications and gives you a wide view of the kernel. With its help, you can easily spot and remove malware hidden from normal software.

PowerTool currently supports the following 32-bit Windows versions:
Windows PE / Safe Mode / Windows XP / Windows 2003 Server / Vista / Windows 2008 Server / Windows 7 SP1 (32-bit)

* Requires Microsoft Visual C++ 2008 - Microsoft Visual C++ 2008 Redistributable Package (x86) - http://goo.gl/yoTz

Update Log

2011-12-24 PowerTool V4.2 (twitter: http://twitter.com/ithurricane && google+: ithurricane@gmail.com)
1. Detect VBR bootkits (such as Rootkit.Win32.Cidox)
2. Detect memory forging attempts by a rootkit (such as TDL4 variants)
1. Enhanced IDT hook detection
2. Analyze disk/registry files without loading the driver
3. Fixed some offline analysis bugs.

Wednesday, December 21, 2011

X-Ray 1.0

Blog - http://www.raymond.cc/blog/xray/
Download - http://www.raymond.cc/xray/XRay.zip

X-Ray was made by Raymond.cc. It lets you send a file to VirusTotal for scanning and view the results, and it can send a suspicious file to the antivirus vendors you select via web or email so you can find out whether it is malicious.

See the blog for details.

Antivirus software cannot detect all viruses, which is why vendors also depend on users to submit samples to their virus analysts for manual analysis through various methods. It can be either through a web form, email or a special tool, which makes it very troublesome to submit samples because every web form is not the same and they have different prerequisites. For example, some want the file to be sent in raw format and some want you to compress the file to ZIP or 7z. Some require you to use a specific password for the ZIP file and some don't. Other than that, submitting samples to SUPERAntiSpyware requires a special tool called SUPERSampleSubmit. It is nearly impossible for an individual to submit samples to multiple antivirus companies because it is just way too troublesome, until X-Ray was created.
X-Ray is a software created by raymond.cc that automates submission of files that you think are suspicious to 31 antivirus companies (Avast, AVG, Avira, Bitdefender, ClamAV, Comodo, Dr.Web, Emsisoft, ESET, CA, Fortinet, F-Prot, F-Secure, Ikarus, K7Antivirus, Kaspersky, McAfee, Microsoft, Norman, nProtect, Panda, PC Tools, Prevx, Rising, SUPERAntiSpyware, Symantec, TheHacker, VBA32, Vipre, ViRobot, VirusBuster) for manual analysis by professional virus analysts with a click of a button.

- Automatically submit files to 31 different antivirus companies via email or web based submission method for manual analysis.
- Change submission method for a particular antivirus from Settings
- Test email settings
- Retrieve latest scan report from VirusTotal
- Send file to VirusTotal for scanning
- Two methods of sending files to VirusTotal (Email and API)
- Automatic failover when chosen method for sending suspicious files to VirusTotal fails
- Copying MD5 hash and results to clipboard via right click context menu.
- History (VirusTotal detection report and Analysis Submission date & time)
- Auto Update
- Support Windows XP/Vista/7 (32bit & 64bit)
- Freeware (no spyware or adware embedded)


Tuesday, December 20, 2011

COMODO Internet Security 5.9.219863.2196 Released

CIS (COMODO Internet Security) has been updated to 5.9. Current CIS users will receive it through automatic update.

*CIS 5.9.219747.2195 users will be updated to COMODO Internet Security 5.9.219863.2196.

The wireless internet security feature (Trustconnect) is included in CIS, and Trustconnect runs automatically when CIS detects a wireless internet connection. The 'Show traffic animation in the tray' option that used to be in the CIS settings has been moved into the firewall settings menu.

A 'Smart Scan' feature, which runs a fast scan using the built-in COMODO Autorun Analyzer technology, has been added to the Antivirus.

Malware removal has been improved, and a 'Do not scan script files larger than (MB)' option has been added to the Antivirus settings to reduce the delay caused by scanning script files.

The CIS preferences menu (More -> Preferences -> General) has been improved.

During CIS installation, COMODO's web browser 'Dragon', which is still under development, is selected by default. If you do not need it, uncheck it before proceeding with the installation.

Compatibility with programs such as Nero has been improved.

We have just released COMODO Internet Security/Firewall/Antivirus 5.9! This is a minor maintenance release with a few new but exciting features.

What's New in Version 5.9?
NEW! Seamless Trustconnect integration: CIS now detects unsecured wireless connections and lets you use your trust connect account seamlessly
NEW! Smart Scan: We have introduced one of the smartest quick scans in the world based on COMODO Autorun Analyzer Technology.
IMPROVED! Malware deletion: Some files were not able to be deleted by CIS even after reboot
IMPROVED! We have moved some of the settings from More->Preferences to their relevant sections in Firewall Settings etc.
IMPROVED! Dragon is included with CIS setup (Optional like GB)
FIXED! CAV causes some applications e.g. Nero to load too late

EDIT: For version 5.9.219863.2196
FIXED! Installer or Updater is set as policy when Trusted Application is chosen from the popup alerts

Download Locations:

COMODO Internet Security Premium - FULL Installer
Size: 82 MB

COMODO Internet Security Premium - Online Installer
Size: 2.4 MB

Automatic Updates:
You can update your existing copies using the automatic updater or by running the More->Check For Updates command and following the instructions on the screen.

Saturday, December 17, 2011

COMODO Cleaning Essentials 2.3.219500.176 Released

This release adds a check for program version updates, along with some minor bug fixes and UI (user interface) improvements.

COMODO forum post - https://forums.comodo.com/news-announcements-feedback-cce/comodo-cleaning-essentials-23219500176-released-t79476.0.html

COMODO Cleaning Essentials 2.3 build 176 has been released. There are some minor bug fixes and UI improvements in this release.

What's new in CCE 2.3.219500.176?
NEW Checking for program updates
FIXED Terminated process is shown in process view of KillSwitch as light-red in some cases
FIXED 8G memory is not shown correctly in system information page of KillSwitch
FIXED Memory leaks in LoadedModules view of KillSwitch
FIXED Paths of some kernel modules are not parsed correctly in KillSwitch
FIXED Rundll32 arguments are not parsed correctly in Autorun Analyzer

Download Locations:
32 Bit Operating Systems

64 Bit Operating Systems

Tuesday, December 6, 2011

XueTr 0.45 [2011-12-03]

Homepage - http://www.xuetr.com

Download - http://xuetr.com/download/XueTr.zip

A powerful hands-on anti-virus (anti-rootkit) tool supporting the 32-bit 2000, XP, 2003, Vista, 2008 and Win7 operating systems.

Author's QQ microblog: http://t.qq.com/linxer - you are welcome to follow; future XueTr news will be released there.
This tool currently provides the following functions:
1. View processes, threads, process modules, process windows, process memory, timers and hotkey information; kill processes, kill threads, unload modules and other functions
2. View kernel driver modules; supports dumping kernel driver module memory
3. View SSDT, Shadow SSDT, FSD, KBD, TCPIP, Classpnp, Atapi, Acpi, SCSI, IDT and GDT information; can detect and restore SSDT hooks and inline hooks
4. View CreateProcess, CreateThread, LoadImage, CmpCallback, BugCheckCallback, Shutdown, Lego, etc. notify routine information; supports removal of these notify routines
5. View port information (not supported on 2000)
6. View message hooks
7. Kernel module IAT, EAT, inline hook and patch detection and recovery
8. Disk, volume, keyboard and network layer filter driver detection; supports their removal
9. Registry editor
10. Process IAT, EAT, inline hook and patch detection and recovery
11. File system view; supports basic file operations
12. View (edit) IE plug-ins, SPI, startup items, services, Hosts file, image hijacking, file associations, system firewall rules, IME
13. ObjectType hook detection and recovery
14. DPC timer detection and removal
15. MBR rootkit detection and repair
16. Hijacked kernel object detection
17. WorkerThread enumeration
Disclaimer: This is just a small free helper tool. If using this tool causes you direct or indirect loss or damage, I am not responsible. From the moment you use this tool, you are deemed to have accepted this disclaimer.


Thursday, December 1, 2011

COMODO Cleaning Essentials 2.2.217899.172 Final Released

The final version of CCE has been released.

In terms of design, KillSwitch and CCE look more polished.

If malware prevents KillSwitch/CCE from running, hold the 'SHIFT' key while launching KillSwitch/CCE. It then starts in aggressive mode, in which every process except the default Windows processes is terminated, so the malware can be removed.

A Smart scan feature has been added to CCE, and the antivirus DB can be imported from a previously saved COMODO Antivirus DB (bases.cav), so there is no need to download the DB again (Tools -> Import Virus Database).

KillSwitch gains a feature that logs what happens during boot (Tools -> Enable Boot logging).

Various other features (MBR scan, Quick Repair, malware scan) have been improved and fixed.

CCE forum - https://forums.comodo.com/comodo-cleaning-essentials-killswitch-autoruns-cce-b246.0/

What's new in CCE 2.2.217899.172 at a glance?

NEW New KillSwitch
NEW Aggressive mode in KillSwitch and CCE (start with SHIFT key pressed)
NEW Autorun Analyzer
NEW Smart scan in CCE
NEW Boot logging feature in KillSwitch
NEW “Import Virus Database” feature in CCE
IMPROVED More powerful disk access method when scanning for malware
IMPROVED More powerful Quick Repair in KillSwitch
IMPROVED MBR scanner for multiple operating system configurations
FIXED BSOD when releasing kernel hooks under certain circumstances
FIXED CCE may crash when analyzing NTFS streams under certain circumstances
FIXED System file protection during cleanup

Download Locations:

32 Bit Operating Systems

64 Bit Operating Systems