View full version: Vba32 AntiRootkit 3.12.3 beta



sergey ulasen
16.09.2009, 19:29
VirusBlokAda Ltd. is glad to offer you a new version of Vba32 AntiRootkit and invites you to participate in beta testing of our product.
Links to download:

ftp://anti-virus.by/beta/Vba32arkit_beta.rar

ftp://anti-virus.by/beta/Vba32arkit_beta.zip

ftp://vba.ok.by/vba/beta/Vba32arkit_beta.rar

ftp://vba.ok.by/vba/beta/Vba32arkit_beta.zip

The following techniques of kernel-mode rootkit detection are implemented in Vba32 AntiRootkit:
searching for SYSENTER hooks;
searching for hooks by replacing addresses in SSDT table;
searching for hooks by replacing addresses in Shadow SSDT table;
searching for hooks by modifying IDT table;
searching for export table modifications of main kernel modules (ndis.sys, hal.dll, ntoskrnl.exe);
searching for hooks by modifying machine code (splicing);
searching for hooks by replacing addresses of IRP packet handlers;
searching for hooks by replacing addresses of FastIO request handlers;
searching for kernel modules hidden in the memory. If an object is considered as hidden, it'll be marked as Hidden in memory;
searching for processes hidden in memory. If an object is considered as hidden, it'll be marked as Hidden in memory;
searching for kernel modules whose image on the hard drive doesn't correspond to the image in memory. Such objects will be marked as Modified image;
searching for installed kernel mode notificators.

Moreover the following additional techniques are implemented:
scanning autoruns;
scanning drivers and services specified in the registry;
scanning all obtained objects (process files, autoruns, loaded drivers/services and kernel modules);
checking digital signature of all obtained objects (process files, autoruns, loaded drivers/services and kernel modules);
displaying additional information retrieved from file resources.

The following features are designed for neutralizing rootkits:
restoring hooks in SSDT table;
restoring hooks in Shadow SSDT table;
restoring hooks in IDT table;
restoring hooks in main kernel modules (ndis.sys, hal.dll, ntoskrnl.exe);
restoring hooks made by machine code modifications;
restoring SYSENTER hooks;
removing specified objects from autoruns;
enabling/disabling drivers/services specified in the registry;
copying specified files to the quarantine early in the system boot;
deleting specified files early in the system boot;
scanning and deleting autorun.inf files;
removing installed kernel mode notificators.

Vba32 AntiRootkit allows the user to collect information which may help in solving problems on the user's computer.

Vba32 AntiRootkit has English help (Vba32ArkitEN.chm file).

You can send your feedback to beta[at]anti-virus.by or post it here.
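
As an added illustration of two of the kernel-mode checks listed above (SSDT address validation and splicing / modified-image detection), here is example code written for this page; it is not VirusBlokAda's or Vba32 AntiRootkit's code. The module address ranges, the service table and the function prologue bytes are constructed sample values, and the struct and function names (module_range_t, find_ssdt_hooks, check_splicing) are my own. In a real tool the table, module map and on-disk bytes would come from the running kernel and the driver files; here they are embedded so the logic runs offline.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Address range that a trusted kernel module occupies in memory.
 * Values below are constructed, not real ntoskrnl/win32k addresses. */
typedef struct {
    const char *name;
    uintptr_t base;
    size_t size;
} module_range_t;

/* Returns the trusted module containing addr, or NULL when the address lies
 * outside every trusted module. A service table entry with no owner is the
 * classic sign of an SSDT / Shadow SSDT address-replacement hook. */
static const module_range_t *owning_module(uintptr_t addr,
                                           const module_range_t *mods, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (addr >= mods[i].base && addr < mods[i].base + mods[i].size)
            return &mods[i];
    }
    return NULL;
}

/* Walks a service table and records the indices whose handler address does
 * not belong to any trusted module. Returns the number of such entries;
 * at most max_out indices are written to out. */
size_t find_ssdt_hooks(const uintptr_t *table, size_t entries,
                       const module_range_t *mods, size_t nmods,
                       size_t *out, size_t max_out)
{
    size_t found = 0;
    for (size_t i = 0; i < entries; i++) {
        if (owning_module(table[i], mods, nmods) == NULL) {
            if (found < max_out)
                out[found] = i;
            found++;
        }
    }
    return found;
}

/* Splicing / modified-image check: compare the in-memory prologue of a
 * function with the same bytes taken from the module's on-disk image.
 * Returns 0 = identical, 1 = modified, 2 = modified and the function now
 * starts with a detour (E9 rel32 JMP, or 68 imm32 / C3 push-ret). */
int check_splicing(const uint8_t *mem, const uint8_t *disk, size_t len)
{
    if (memcmp(mem, disk, len) == 0)
        return 0;
    if (len >= 5 && mem[0] == 0xE9)
        return 2;
    if (len >= 6 && mem[0] == 0x68 && mem[5] == 0xC3)
        return 2;
    return 1;
}

/* Constructed sample data: two trusted modules, a four-entry service table
 * whose entry 2 points into an unknown region, and three prologues. */
static const module_range_t SAMPLE_MODS[] = {
    { "ntoskrnl.exe", 0x80400000u, 0x00200000u },
    { "win32k.sys",   0xBF800000u, 0x00180000u },
};
static const uintptr_t SAMPLE_SSDT[] = {
    0x80401000u, 0x80402340u, 0xF8A0B000u, 0x80405678u
};
/* On-disk prologue: mov edi,edi; push ebp; mov ebp,esp; sub esp,10h */
static const uint8_t SAMPLE_DISK[8]        = { 0x8B,0xFF,0x55,0x8B,0xEC,0x83,0xEC,0x10 };
/* In-memory copy overwritten with a 5-byte relative JMP */
static const uint8_t SAMPLE_MEM_DETOUR[8]  = { 0xE9,0x00,0x10,0x00,0x00,0x83,0xEC,0x10 };
/* In-memory copy with a byte changed later in the body, no detour */
static const uint8_t SAMPLE_MEM_PATCHED[8] = { 0x8B,0xFF,0x55,0x8B,0xEC,0x83,0xEC,0x20 };

/* Runs the SSDT check on the sample table; returns the single hooked index
 * or -1 if the result is not exactly one hooked entry. */
long sample_hooked_index(void)
{
    size_t out[4];
    size_t n = find_ssdt_hooks(SAMPLE_SSDT, 4, SAMPLE_MODS, 2, out, 4);
    return n == 1 ? (long)out[0] : -1L;
}

int main(void)
{
    long idx = sample_hooked_index();
    if (idx >= 0)
        printf("SSDT[%ld] -> %#lx lies outside every trusted module\n",
               idx, (unsigned long)SAMPLE_SSDT[idx]);
    printf("detour prologue : %d\n", check_splicing(SAMPLE_MEM_DETOUR, SAMPLE_DISK, 8));
    printf("patched body    : %d\n", check_splicing(SAMPLE_MEM_PATCHED, SAMPLE_DISK, 8));
    printf("clean           : %d\n", check_splicing(SAMPLE_DISK, SAMPLE_DISK, 8));
    return 0;
}
```

The two checks are deliberately independent: the address test catches a replaced table entry even when the hook body is pristine code elsewhere, while the byte comparison catches an inline detour even when the table entry still points into ntoskrnl. Comparing against the on-disk image rather than a hard-coded prologue is what lets the same routine flag the announcement's "Modified image" case.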

Naughty
21.09.2009, 22:12
VBA does not show the correct path to the run file. Please look at the attachment. :)

Will the tool test and repair the MBR sector in the future?

Thank you for your reply :beer:

sergey ulasen
22.09.2009, 19:15
VBA does not show the correct path to the run file. Please look at the attachment. :)

Will the tool test and repair the MBR sector in the future?

Thank you for your reply :beer:

Vba32 AntiRootkit currently doesn't have techniques for searching for processes, modules, hooks and other objects in ring3. We'll add them in the future (next versions).
The product is constantly evolving. Right now we are working on low-level disk access.

Naughty
26.09.2009, 10:49
Now Vba32 AntiRootkit ......


Thanks for the info.

NeonFx
26.09.2009, 15:40
:hi: Hi there. Excellent job in making such a great tool. I really like how neat the log file is.

I have one concern. I use Vista, and my monitor runs in 1280x800 resolution. The font in the program makes it so that it is virtually unreadable. Is there a problem with how the fonts adjust according to the host's resolution?

See attached .jpg

sergey ulasen
28.09.2009, 13:02
Hi, NeonFx!

Sorry for delay.


:hi: Hi there. Excellent job in making such a great tool. I really like how neat the log file is.


Thanks 8)



I have one concern. I use Vista, and my monitor runs in 1280x800 resolution. The font in the program makes it so that it is virtually unreadable. Is there a problem with how the fonts adjust according to the host's resolution?

See attached .jpg

Do you use a non-standard font type or an alternative theme for your Vista (Aston, for example)?

NeonFx
28.09.2009, 19:48
Do you use a non-standard font type or an alternative theme for your Vista (Aston, for example)?

Hi sergey,

No, I do not use an alternative theme for Vista. All I did was edit the color scheme in the Windows Vista Basic theme from blue to black.

I have used Vista for about two years now. I have not seen this problem with any other program, which is why I brought it up.

Do you think maybe there's a setting on my computer I can change to fix this?

I have attached higher-quality pictures so that you may see the difference more clearly. They are zipped because of the limits on size.

Thank you :)

sergey ulasen
29.09.2009, 18:48
No, I do not use an alternative theme for Vista. All I did was edit the color scheme in the Windows Vista Basic theme from blue to black.

I have used Vista for about two years now. I have not seen this problem with any other program, which is why I brought it up.

Do you think maybe there's a setting on my computer I can change to fix this?

I have attached higher-quality pictures so that you may see the difference more clearly. They are zipped because of the limits on size.

Ok.
I think it's our error. We'll try to reproduce the problem. Thank you.

NeonFx
29.09.2009, 23:03
Alright :) Let me know if you need any information.

NeonFx
03.10.2009, 00:32
I am so sorry about this but it seems to actually be a problem with my system, not the program.

I noticed the same font when using MalwareBytes AntiMalware. Most of the text is the way it should be, except for the font on the tabs at the top.

I apologize for any inconvenience this caused. I still have no idea how to fix it on my own system though. I'll play around to see what I can find.