Compare Bargains on Anti-Virus
Returning Virus, keep getting a virus report even after removal? Other links
CyberDefender AntiSpyware 2006 offers ultimate early detection and protection from invasive spyware on your computer. With quickly-updated information from our cutting-edge, high-speed detection network, AS-2006 scans your hard drive and reports security risks that could be monitoring your on-line actions or sensitive personal information without your knowledge. With a paid license, you can choose to quarantine or delete those items. CyberDefender products can co-exist alongside other commercial security systems. Get a free scan. Protect yourself -- buy CyberDefender Anti-Spyware 2006 today. The Collaborative Internet Security Network® (CISN) is the backbone that connects these components, protecting both the Internet and your PC.
CyberDefender represents a dramatic shift from a manual, time-based multi broadcast-management system to a fluid, threat-based distributed system for alerts and updates that includes a universal threat grading system, the Universal Severity Scale®. CyberDefender fights a broad spectrum of attacks, from spyware to viruses. CyberDefender is better because it is faster.
CyberDefender protects users during the early hours of infectious attacks, while conventional vendors are still analyzing the threat. The CyberDefender collaborative network, combined with an expert system that automatically analyzes and inoculates against potential threats, relays alerts and updates securely and quickly. As a result, CyberDefender defenses are routinely updated in less than an hour after discovering an infectious threat, instead of the 12 or more hours typical of existing solutions.
AVG
Anti-Virus Protection. For ALL your viral protection needs: Home and Small Office, Small and Medium Businesses, and Enterprise. Founded in 1991, with corporate offices in Europe and the USA, AVG is focused on developing software solutions that provide protection from computer viruses. AVG's primary focus is to deliver the most comprehensive and proactive protection available on the market.
Distributed globally through resellers and through the internet, the AVG Anti-Virus product line supports all major operating systems and platforms. More than 30 million users around the world use AVG products to protect their computers and networks. Employing some of the world's leading experts in antivirus software, specifically in the areas of virus analysis and detection, software development, and antivirus support, AVG is uniquely positioned to continue its leadership in the industry, and continues to invest in R&D, teaming with leading universities to maintain its technological edge.
Panda Software Anti-Virus and Security software. Includes free On-Line Scanning and Heat Maps
Microsoft free PC safety scan. Windows Live safety scanner is a free service designed to help ensure the health of your PC: check for and remove viruses, get rid of junk on your hard disk, and improve your PC's performance, all online. More hard drive links. More Diagnostics and Security.
The Microsoft Malware Protection Center (MMPC) is the authoritative source of antimalware research and response on the Windows platform.
The Microsoft Security Intelligence Report (SIR) provides an in-depth perspective on the changing threat landscape including software vulnerability disclosures and exploits, malicious software (malware), and potentially unwanted software. Using data derived from hundreds of millions of Windows computers, and some of the busiest online services on the Internet, this report also provides a detailed analysis of the threat landscape and the changing face of threats and countermeasures and includes updated data on privacy and breach notifications.
Free Microsoft PC safety scan. Free Antivirus check and more (YouTube video).
Microsoft Security Assessment Tool (MSAT) is a risk-assessment application designed to provide information and recommendations about best practices for security within an information technology (IT) infrastructure.
Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software. Microsoft Security Essentials is a free download from Microsoft for genuine users that is simple to install, easy to use, and always kept up to date, so you can be assured your PC is protected by the latest technology. It's easy to tell if your PC is secure: when you're green, you're good. It's that simple. Microsoft Security Essentials runs quietly and efficiently in the background so that you are free to use your Windows-based PC the way you want, without interruptions or long computer wait times.
Windows Defender is software that helps protect your computer against pop-ups, slow performance, and security threats caused by spyware and other unwanted software by detecting and removing known spyware from your computer. Windows Defender features Real-Time Protection, a monitoring system that recommends actions against spyware when it's detected, minimizes interruptions, and helps you stay productive.
Microsoft Security Anti-Malware, etc...
How to Use Windows Malicious Software Removal Tool (MRT.EXE) in Vista, XP, 2000 and 2K3. The Malicious Software Removal Tool is basic, but it's free, and comes installed automatically on most Windows O/S machines. The program does not have any shortcut in the Start Menu, on the desktop or in the Quick Launch area. Actually WMSRT runs in the background once every month without your knowledge. You can manually execute the MSRT (Malicious Software Removal Tool) by typing the command MRT.EXE into the Start > Run box. Here are some switches that may be used with the MSRT: /Q or /quiet - use quiet mode. This option suppresses the user interface of the tool.
CIS Center for Internet Security. More Diagnostics and Security links.
Housecall Antivirus. As always, it's a good idea to keep your virus scanner up to date with the most recent virus definitions. If you do not have a virus scanner, you can run a free virus scan on your computer.
Antiphishing.org Anti-Fraud Organizations and Links
Corporate Anti-Fraud Policies
Conficker (aka Downadup, Kido) is known to block access to over 100 anti-virus and security websites. If you are blocked from loading the remote images in the top table shown on this site above (AV/security sites) but not blocked from loading the remote images in the second row (websites of alternative operating systems), then your Windows PC may be infected by Conficker (or some other malicious software).
Webwasher Anti Virus provides in-depth protection against a multitude of blended threats at the corporate gateway while offering unmatched, lightning-speed performance through its innovative Antivirus PreScan technology. Webwasher Anti Virus is the only solution in the market with Anti Virus Multi-Scan, offering up to three anti-virus engines to scan Web and E-Mail traffic to fulfill the most rigorous security requirements.
RogueRemover (freeware) is a utility that can remove various rogue antispyware, antivirus and hard drive cleaning utilities.
Keylogger Hunter - Detects Keyboard Monitoring Programs.
Eddy Willems' official and original homepage for Anti-Virus consultancy with links to all Anti-Virus sites and companies.
VProtector mIRC contains a mIRC virus scanner (F-Mirc Worm Scanner) to scan and remove all kinds of mIRC viruses and worms. mIRC is a shareware Internet Relay Chat client for Windows.
Internet Relay Chat (IRC) is one of the most popular and most interactive services on the Internet. Sure, the Web is nice for finding info and E-mail beats snailmail hands down, but when you've been wondering 'where are the others?', then IRC is what you're looking for. IRC is the net's equivalent of CB radio. But unlike CB, Internet Relay Chat lets people all over the world participate in real-time conversations. IRC is where the Net comes alive!
RapidBlaster runs as a task at Windows startup. It downloads advertising from the Internet and displays it periodically. The most recent variants of RapidBlaster will "morph" themselves to evade detection. Periodically, RapidBlaster will download data from its controlling server that contains a new folder and filename. It will then copy itself to that folder, terminate the original process, delete the original file, and run the new file in the new location.
PC Security Software Protection Range. Anti-virus, Firewall, Privacy Defender, Spam Shield, Popup Blocker, Delete files PERMANENTLY, etc...
European Institute for Computer Antivirus Research (EICAR).
Association of anti Virus Asia Researchers (AVAR).
Google Safe Browsing: check a website to see if it has been listed as possibly hosting badware. StopBadware. The "Badware" problem. We've all seen it happen: you or someone you know has downloaded something from the internet that seemed harmless enough at the time. Next thing you know, the computer has slowed to a crawl. Pop-up advertising starts to appear out of nowhere. Private information gets sent to some company you've never heard of. And the worst part? Trying to uninstall the software sometimes makes the problem worse. Find out more...
What is Badware? StopBadware works with its network of partner organizations and individuals to fight back against viruses, spyware, and other badware. Here are a few ways to join the effort: prevent or remove badware on your computer; clean and secure your website to protect your site's visitors; report a badware URL to our Clearinghouse; learn from and contribute to our online community, BadwareBusters; share your experience with badware through StopBadware Stories. StopBadware Blog. Search the Badware Website Clearinghouse.
Virus spreaders also spread emails and messages throughout the Internet to get you to delete files you need, thus creating havoc for your system. These are probably hoaxes. Resources for validating virus/hoax information: McAfee, V Myths, Symantec, F-Secure, Yahoo Security Centre. More Yahoo Knowledge.
Trend Secure HouseCall is a FREE Web-based tool designed to scan your PC for a wide range of Internet security threats including viruses, worms, Trojans, and spyware. It also detects system vulnerabilities and provides a link so you can easily download missing security patches. After each scan, HouseCall delivers a detailed report, which identifies security threats detected on your computer.
F-Secure Online Virus Scanner is a free service. Use it to find out if your computer is infected and disinfect your computer if needed.
PhishGuard is a simple, FREE software service for computers running Microsoft operating systems (Windows 98 through XP) and any version of Microsoft Internet Explorer 4.0 or greater. PhishGuard harnesses the collective observations of Internet users to detect and rapidly disable Internet phishing or spoofing attacks designed to steal critical financial data.
Cyberhawk. Designed to complement your current antivirus solution, Cyberhawk is a new behavior-based security software that stops the most aggressive threats of all: zero-day threats so new that signature-based programs have yet to develop defenses against them. Cyberhawk detects and protects you against viruses, worms, trojans and a wide range of spyware. Easy to use, instantly effective and light on system resources. Best of all, it is completely free.
ThreatFire - Virus Protection - Freeware.
a-squared Web Malware Scanner. Test your system with the a-squared scanner for Trojans, Backdoors, Worms, Dialers, Spyware/Adware, Keyloggers, Rootkits, Hacking Tools, Riskware and TrackingCookies. Completely free, directly from the web browser. No extra download and no installation with registration required.
Belarc Advisor builds a detailed profile of your installed software and hardware, missing Microsoft hotfixes, anti-virus status and CIS (Center for Internet Security) benchmarks, and displays the results in your Web browser. All of your PC profile information is kept private on your PC and is not sent to any web server. More Diagnostics and Security links.
Security Config, your security portal. Here you can find all of the tools you need to secure your website, business, data, and everything else digital. Downloads ranging from: Anti Virus Software, Cookie Tools, Desktop Security, Email Security, Encryption, Enterprise Monitoring, Firewalls, Network Security, Password Software, SSH Tools and more.
ICSA Labs sets standards for information security products and certifies over 95% of the installed base of anti-virus, firewall, IPSec VPN, cryptography, SSL VPN, network IPS, anti-spyware and PC firewall products commonly deployed in the world today.
Castlecops: information and news about viruses and spyware, security risks, etc.
VirusTotal: upload a file to a virus-checking service that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines. More information...
The Internet Crime Complaint Center (IC3) has reported about scareware. Scareware is designed to scare you into taking an action, which will usually cause you some type of problem. For example, it may indicate that you have a virus on your computer and that to remove it you should run a program; the program suggested, which is said to remove the virus, could actually infect your computer. The IC3 warned users that although these pop-up security warnings look authentic and sometimes even appear to be running a real-time anti-virus scan of the user's computer, they are not to be trusted. The scareware is intimidating to most users and extremely aggressive in its attempt to lure the user into purchasing the rogue software that will allegedly remove the viruses from their computer, the note stated. If a user receives these anti-virus pop-ups, it is recommended to close the browser or shut the system down, then run a full trusted anti-virus scan (not any supplied by any such warnings) whenever the computer is turned back on. More scamming information. Anti-POP-UP & Toolbars.
VeriSign's iDefense Security Lab: latest software releases from labs.idefense.com.
This plugin allows users of the Hex-Rays decompiler plug-in for IDA Pro to hide some unnecessary local variables within decompiled functions. For information about how it works, refer to the included source code. This plugin was tested with the latest version of the Hex-Rays decompiler and IDA Pro as of the release date. That is, Hex-Rays v1.0.0.90129 and IDA Pro 5.4.0.921.
This may happen because of the Windows XP System Restore feature, which is able to restore your software to an earlier time. For example, you may have installed some software that has caused problems with your computer's drivers, and even a standard uninstall does not fix it. In this case a System Restore will be able to return your system back to before the time when you installed the problematic software. System Restore can also semi-automatically recover deleted files or system settings, for example if they were accidentally changed. Windows XP keeps modified elements inside its hidden directory, called _restore. This is protected so that its contents can't normally be changed by anything else. This feature is an advantage if you need to return your system to an earlier state. With anti-virus/anti-spyware it may cause an issue: while the anti-virus/anti-spyware may have removed the virus/spyware, the _restore files may still contain that virus. The anti-virus/anti-spyware may detect the infected file again in the _restore folder but may not be able to remove it because the file is protected by the operating system. How to remove a virus/spyware from the System Restore folder:
Log on as the Administrator or with the details of a user that has administrator rights. Right-click on My Computer. After turning off System Restore, as shown above, you may also need to download and install a program:
WinDirStat Delete System File Information Utility. This utility is a DOS batch file and is used to delete System File Information. This utility is provided as-is without any warranty, obligation or guarantee of any kind. THIS MAY AFFECT THE WAY WINDOWS RESPONDS and PERFORMS. DO NOT CONTINUE UNLESS YOU ARE SURE YOU HAVE NO OTHER WAY OF SOLVING THE PROBLEM. Note that the System Volume Information folders will be rewritten by Windows even if you have System Restore turned off. Before using it, turn OFF System Restore (see the video above for how).
Carry out a full Anti-Virus and SpyWare Removal check.
I also suggest you perform a full Registry clean:
CCleaner is a freeware system optimization, privacy and cleaning tool. It removes unused files from your system, allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it's fast (normally taking less than a second to run) and contains NO Spyware or Adware! :)
Wise Registry Cleaner is one of the safest Registry cleaning tools available in the market today. Its scanning engine is thorough, safe and fast.
The Delete System File Information Utility is a DOS batch file that requires your Windows user name. Therefore any shortcut will need to be modified to allow for this. This is a how-to. Your system may be a bit different from this depending on your folder options.
More: How to restore a Windows XP system to a previous state using System Restore.
After completing these steps, carry out a full scan of your computer using the antivirus/antispyware program to ensure that it has been correctly disinfected.
Enable Tool is a small and easy to use application that allows you to re-enable your Task Manager, Registry, USB 2.0 Ports and Folder Options after a virus attack.
USB Drive links.
European Institute for Computer Anti-virus Research (EICAR) supplies the anti-virus or anti-malware test file. (Note you should get a virus warning whenever you try to download or use this file.) This contains links to files that contain a harmless test file which virus detectors are programmed to treat as a virus. If you receive alerts from your anti-virus software, do not be alarmed. Accessing these sites may leave the test virus in your Temporary Internet Files. Carry out a full virus scan after access. How to use this test.
PC Security Test: a free program for Windows that checks computer security against viruses, spyware and hackers. With a few mouse clicks, users can easily check the efficiency of their protection software (anti-virus programs, spyware scanners and firewalls). PC Security Test simulates virus, spyware and hacking attacks and monitors the responses of your protection software. Don't worry, no real viruses are involved. Accessing these sites may leave the test virus in your Temporary Internet Files. Carry out a full virus scan after access.
Fact sheets: Software Industry Professionals has made the following consumer fact sheets available to download: Buying Software Online Guide; Computer Viruses and Spyware Explained; Software Activation Explained.
More fact sheets are made available progressively, so be sure to check back regularly.
Dart File Protection Utility. This utility is a DOS batch file and is used to overwrite all dart*.* files with a safe dummy text file. This is done after they have been set to enable writing. After this, all the dart*.* files are set to Read-Only. This makes it difficult, though not impossible, for any future programs to recreate the dart*.* files again. This utility is provided as-is without any warranty, obligation or guarantee of any kind.
Scams and hoaxes. Fraud warnings.
Virus Attacks. Diagnostics and Security (Phishing information).
Backup/File Compression. Data Recovery.
Protect your usernames and passwords. Protect your system.
Disaster Recovery Planning. So how good is your Disaster Recovery Planning?
Web Master Tools and Utilities.
YouTube video link: How to manually run the Microsoft Windows Malicious Software Removal Tool.
Microsoft Malicious Software Removal Tool - Free Download.
The Microsoft Windows Malicious Software Removal Tool checks Windows Vista, Windows 7, Windows XP, Windows 2000, and Windows Server 2003 computers for and helps remove infections by specific, prevalent malicious software, including Blaster, Sasser, and Mydoom. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed. The tool creates a log file named mrt.log in the %WINDIR%\debug folder.
To download the x64 version of the Malicious Software Removal Tool, click here.
This tool is not a replacement for an anti-virus product. To help protect your computer, you should use an anti-virus product.
Microsoft will release an updated version of this tool on the second Tuesday of each month. New versions will be made available through this web page, Windows Update, and the Malicious Software Removal Tool Web site on Microsoft.com.
To have the newest versions automatically delivered and installed as soon as they are released, set the Automatic Updates feature to Automatic. The version of this tool delivered by Windows Update runs on your computer once a month, in the background. If an infection is found, the tool will display a status report the next time you start your computer. If you would like to run this tool more than once a month, run the version that is available from this Web page or use the version on the Malicious Software Removal Tool Web site.
Please review KB890830 for the list of malicious software that the current version of the tool is capable of removing as well as usage instructions. Also, please be aware that this tool reports anonymous information back to Microsoft in the event that an infection is found or an error is encountered. The above KB article contains information on how to disable this functionality and what specific information is sent to Microsoft.
It is strongly recommended that you review KB891716 before you consider deploying this tool in an enterprise environment.
The user must be an administrator to run this tool. This tool will not run on any version of Windows 98, Windows ME, or Windows NT 4.0.
Command-line switches:
/? - Display a dialog box that lists the command-line switches.
/N - Run in detect-only mode. In this mode, malicious software will be reported to the user but will not be removed.
/F - Force an extended scan of the computer (Full Scan, as shown in the video above).
/F:Y - Force an extended scan of the computer and automatically clean any infections found.
Tekzilla Video about Sandboxie
Sandboxie Runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer.
iDefense Labs Software Releases
FileDissect is a framework for parsing and displaying various binary file formats. It consists of a C++ application that uses wxWindows for a cross-platform GUI used to parse and present Office and other binary file formats.
Size: 37090 bytes
MD5 Sum: 51ca67323d5e6dbea07c1f009e11fd8a
SHA1 Sum: 03e0015d73248514a6b8a9f9b2f200bbf4511b7d
Size: 12k
MD5: D52AF543C05C4DBEC7A98A2DB0D8CD4D
JPExPoC demonstrates embedding shellcode in JPEG image files, exploiting degenerate cases of DCT encoding to prevent information loss in the process. It consists of a few small C programs and a shellscript to bind them together. This package was tested and developed under the Cygwin environment.
Size: 1.9mb
MD5: B75F17199AB6EB781595758C51413EF3
SysAnalyzer is an automated malcode run time analysis application that
monitors various aspects of system and process states.
SysAnalyzer was designed to enable analysts to quickly build a
comprehensive report as to the actions a binary takes on a system.
Updated 1/19/07: added known file db
SysAnalyzer can automatically monitor and compare:
SysAnalyzer also comes with a ProcessAnalyzer tool which
can perform the following tasks:
Full GPL source for SysAnalyzer is included in the installation package:
Overview | Video Tour
Size: ~469k
MD5: ac44339e856f04e116dde59389583ba9
Updated 11/15/06: Recompiled under Microsoft .NET 2.0
FileFuzz is a graphical Windows based file format fuzzing tool. FileFuzz was designed to automate the launching of applications and detection of exceptions caused by fuzzed file formats.
Size: ~2mb
MD5: 20B5A8F02EC56DDBC230CC1FFEF67D88
Update Summary:
Fixed md5 bug, added jsDecode
Added GdiProcs.exe, mailpot added RSET command, fixed sniffing restart bug
The Malcode Analyst Pack contains a series of utilities that were found to be necessary tools while doing rapid malcode analysis.
Included in this package are:
• ShellExt - 4 explorer shell extensions
• socketTool - manual TCP client for probing functionality
• MailPot - mail server capture pot
• fakeDNS - spoofs DNS responses to controlled IPs
• sniff_hit - HTTP, IRC, and DNS sniffer
• sclog - shellcode research and analysis application
• IDCDumpFix - aids in quick RE of packed applications
• Shellcode2Exe - embeds multiple shellcode formats in exe husk
• GdiProcs - detect hidden processes
For screen shots and tool descriptions please refer to the MAP overview document below:
Sclog Trainer | MAP Overview
Size: ~900k
MD5: F8D603E836FEFF8771BE6B9BADEEDCBC
iDBG is a Debugger Library packaged as an ActiveX Control which can be easily used from any COM aware language. Designed for the quick development of testing applications that require built in debugging or tracing functionality. iDbg is Open source and released under GPL license.
Sample code provided for VB6, PHP5, and C#.
Size: ~323k
MD5: 03ACBB54380246CABA057841E8268840
Update Summary: Fixed bug that was causing the plug-in to hang
You may have noticed the ghosted "Heap" option under the "View" menu in OllyDBG. The feature is available only under Windows 95 based OSes and is supposed to display a list of allocated memory blocks. The Olly Heap Vis plug-in was written to provide this functionality and more on all modern Windows OSes such as Windows 2000, XP and 2003. The OllyDbg Heap Vis plug-in exposes the following functionality:
More information, screenshots and source code are available in the bundled archive:
Screenshots: List | Visualize
Size: 2.2mb
MD5: DB7D4E560B07F9CB2A3E5E9A98CBADCB
COMRaider is a tool designed to fuzz COM Object Interfaces.
COMRaider includes:
Help File | Video Tour
Size: 900k
MD5: 7C44967D47F3EA66DFCC2C4092E83AB6
PUNKui is a simple utility designed to automate the theory behind Punk Ode. Specifically, it is a Windows GUI which will take common image formats (JPG, PNG & BMP) and convert them into PNG files comprised entirely of a NOP sled and embedded shellcode.
Size: ~22k
MD5: a0b40085fca1c9f3d2d1c12c14725c71
Update Summary: Added gml_export() routine for generating GML graphs.
Written as a C++ class, Function Analyzer was originally developed to provide an abstracted layer over "chunked" functions frequently found in Microsoft optimize-compiled binaries. As of IDA v4.7 this functionality is built into the SDK. However, Function Analyzer can be used to construct plug-ins compatible across older versions and provides abstracted next_ea()/prev_ea() routines for stepping through an internal "unchunked" instruction list. The abstraction layer also exposes the following function-level information: basic block enumeration (nodes, edges), call count, MD5 hash, CRC, customizable GDL (Wingraph) and GML graph generation.
Size: 245kb
MD5: 2BB04344700CAF643472255F3C4DAFBF
HookExplorer is a small utility designed to scan a target
process and identify any user land hooks that may be installed
by unknown code.
Detects IAT and detours style hooks, and allows the user to define
an 'ignore list' to help cut through results.
Help File | Screenshot
Size: 209 KB
MD5: F2112F6ED4309AEEC1AE80F394B55325
idastruct - ida structure recognition plugin
idastruct is an ida plugin which aims to assist reverse engineers in identifying high-level objects and structures in binary code.
idastruct utilizes the excellent x86 emulator plugin 'ida-x86emu' by Chris Eagle and Jeremy Cooper as a basis for evaluating operand values and determining references within tracked boundaries.
This results in automated creation of IDA structures, enumeration of member references, and renaming of disassembly offsets to symbolic names corresponding to the newly created structures and members in the IDA database.
Size: 80kb
MD5: A7C9DFB633CCBFB0EC1536700EF169BB
Codis is a console-based disassembler written for the purpose of demonstrating the basic logic of a disassembler engine.
This software was released as example code accompanying the information provided in the Toorcon 7 presentation titled 'Disassembler Internals'.
Codis is written in C and will compile for Linux or Win32 Cygwin environments.
Screenshot | Readme
Size: 1.2Mb
MD5: 552C2888770D5E489139DDFD6C8B064E
IDACompare is a plugin designed to compare and match up equivalent functions across two IDA databases. IDACompare was primarily designed for analyzing changes across malcode variants, it should also find good use when conducting patch analysis.
Once function matches have been made, names can be ported across disassemblies, or sequentially renamed in both.
Project also implements a signature scanner, letting you build your own listing of known functions.
Overview | Video Tour
Size: ~1.7mb
MD5: 275282740BD58E9658848B1FBDF0FD71
Update Summary: Added 2 PNP Shellcode Handlers
Multipot is an emulation-based honeypot designed to capture malicious code which spreads through various exploits across the net. Design specifications for this project mandated that the captures be done in such a way that the host machine would require only minimal supervision and would not itself risk getting infected. Multipot was designed to emulate exploitable services to safely collect malicious code.
Who would use MultiPot and why?
• ISPs to monitor their networks.
• Corporate security personnel to be warned of infections.
• Security researchers to build statistics of Internet health.
• Virus researchers to collect new samples of malware in the wild.
• Hobbyists and students to learn more about Internet security.
More information and source code are available in the bundled install file.
Online Help file | Screenshot
Size: ~79k
MD5: 8198bd8a3d5b18b5aa36335ab8cd3ec2
notSPIKEfile is a Linux-based file format fuzzing tool. It was designed to automate the launching of applications and the detection of exceptions caused by fuzzed file formats.
Size: ~104k
MD5: c57a794dbfb7c950abb0047b13bb8b5e
SPIKEfile is a Linux-based file format fuzzing tool, based on SPIKE 2.9. It was designed to automate the launching of applications and the detection of exceptions caused by fuzzed file formats.
Size: ~160k
MD5: 94cb360d064b6ca76f5e06c0a7149b20
Update Summary: Bug fix in automatic breakpoint list loading.
OllyDbg has excellent breakpoint manipulation capabilities and can store breakpoint information across debugging sessions for the main module being debugged. However, there are some limitations to the available functionality which this plug-in attempts to address. The OllyDbg Breakpoint (BP) Manager plug-in was written to provide three main functions: breakpoint exporting, breakpoint importing and automatic breakpoint loading. Offsets relative to the module base are used in place of absolute addresses, so breakpoints can be set and restored on modules that load at a different address from one run to the next. More information, examples and source code are available in the bundled archive.
We encourage users to submit useful breakpoint sets they have created with OllyDbg Breakpoint Manager to us for credit and inclusion in future releases and on the release web site.
Size: ~960k
MD5: 0621cfa79dc899eabbe671b924844cb1
Update Summary: Couple of bug fixes, see CHANGELOG.txt for details.
Process Stalking is a term coined to describe the combined process of run-time profiling, state mapping and tracing. The suite consists of a series of tools and scripts, and the goal of a successful stalk is to provide the reverse engineer with an intuitive visual interface to filtered, meaningful, run-time block-level trace data.
The Process Stalker suite is broken into three main components: an IDA Pro plug-in, a stand-alone tracing tool and a series of Python scripts for instrumenting intermediary and GML graph files. The generated GML graph definitions were designed for use with a freely available interactive graph visualization tool.
Data instrumentation is accomplished through a series of Python utilities built on top of a fully documented custom API. Binaries, source code and in-depth documentation are available in the bundled archive. Relevant slideshows from Process Stalker presentations are available on the speaking engagements page. The usage manual and Python API docs are also available online.
Screenshots: Trace Graph Close-up
Size: ~200k
MD5: ceb8465b010a871ffe5685d003eabaaa
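The Process Stalker description above talks about filtered block-level trace data rendered as GML. As an added example, not part of the Process Stalker suite and not using its API, the block below shows the two steps a stalk boils down to: diff a recording taken while exercising a feature against an idle baseline so that only the blocks specific to the feature remain, then write the function's control-flow graph as GML with those blocks highlighted. The "module:rva" recording format, the two recordings, the control-flow graph and the `graphics [ fill ... ]` colouring convention (honoured by yEd-style viewers) are all assumptions constructed for this example.

```python
from collections import Counter

# Constructed recordings in a hypothetical "module:rva" line format (one basic-block hit per line).
BASELINE_TRACE = """\
target.exe:0x1000
target.exe:0x1010
target.exe:0x1030
target.exe:0x1010
target.exe:0x1050
"""
FEATURE_TRACE = """\
target.exe:0x1000
target.exe:0x1020
target.exe:0x1040
target.exe:0x1020
target.exe:0x1040
target.exe:0x1050
"""
# Constructed control-flow graph of the traced function: block RVA -> successor RVAs.
CFG = {0x1000: [0x1010, 0x1020], 0x1010: [0x1030], 0x1020: [0x1040],
       0x1030: [0x1050], 0x1040: [0x1050], 0x1050: []}


def parse_trace(text, module="target.exe"):
    """Hit count per block RVA for one module; other modules' lines are ignored."""
    hits = Counter()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        mod, rva = line.split(":", 1)
        if mod == module:
            hits[int(rva, 16)] += 1
    return hits


def filter_trace(feature, baseline):
    """Blocks hit while exercising the feature that the idle baseline never touched.
    Subtracting the baseline strips message loops, timers and other noise from the stalk."""
    return {rva for rva in feature if rva not in baseline}


def to_gml(cfg, hits, interesting):
    """Directed GML graph: interesting blocks red, other hit blocks yellow, unhit white."""
    ids = {rva: n for n, rva in enumerate(sorted(cfg))}
    out = ["graph [", "  directed 1"]
    for rva, n in ids.items():
        count = hits.get(rva, 0)
        fill = "#ff0000" if rva in interesting else ("#ffff00" if count else "#ffffff")
        out += ["  node [", "    id %d" % n, '    label "0x%x (%d hits)"' % (rva, count),
                '    graphics [ fill "%s" ]' % fill, "  ]"]
    for src, dsts in cfg.items():
        for dst in dsts:
            out += ["  edge [", "    source %d" % ids[src], "    target %d" % ids[dst], "  ]"]
    out.append("]")
    return "\n".join(out)


def stalk(feature_text=FEATURE_TRACE, baseline_text=BASELINE_TRACE, cfg=CFG):
    """Run the filter and return (set of interesting block RVAs, GML text)."""
    feature, baseline = parse_trace(feature_text), parse_trace(baseline_text)
    interesting = filter_trace(feature, baseline)
    return interesting, to_gml(cfg, feature, interesting)


if __name__ == "__main__":
    blocks, gml = stalk()
    print("feature-specific blocks:", sorted(hex(b) for b in blocks))
    print(gml)
```

On the constructed data the diff leaves 0x1020 and 0x1040, the branch the baseline never executed; everything else in the function is drawn but not coloured red, which is exactly the view you want when hunting for the code behind one input.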
Update Summary: Fixed missing library path (/lib/tls).
dltrace is a dynamic library call tracer which attempts to remain portable to all x86 platforms that support ELF binaries and expose a debugging interface via procfs or the ptrace() system call. The shared library call tracing is done at a level which allows calls to all symbols exported by loaded libraries to be traced. In addition, dltrace does not rely on rtld symbols to retrieve library and symbol information and is capable of determining function arguments dynamically via run-time disassembly.
Size: ~70k
MD5: e4086cfbe1b501f4ca0bd2473d272c07
Update Summary: Ported to IDA 4.8
Built on top of the IDA Function Analyzer, pGRAPH (Pedram's Grapher), provides an interface to generate more detailed and user defined control-flow graphs using the bundled Wingraph package. Extended features include: support for "chunked" functions, instruction level coloring, edge customization (manhattan vs splines), layout algorithm and more.
Screenshots: Options | Sample
Size: ~225k
MD5: 19ddfa0ab42939e1aa83f81688c7a261
Update Summary: Ported to IDA 4.8
IDA Sync was written to allow multiple analysts to synchronize their reverse engineering efforts with IDA Pro in real time. Users connect to a central server through the ida_sync plugin. Once connected, all comments and name changes made with the registered hot keys are immediately transmitted to all other users working on the same project. The central server stores a copy of all changes as well, allowing new analysts to jump on the project and immediately receive up to date information.
Included in the source release is a C++ class providing IDA Pro plugin developers with an abstracted asynchronous IPC interface.
Size: ~8k
MD5: 731fa609c8a61e202c76af9c737e9ef9
This IDC script will scan through an IDA database locating and marking the relevant RPC server data structures. It will then enumerate the dispatch routines from the DispatchTable. The script outputs the addresses of the discovered structs / functions and was designed to automate the otherwise tedious manual process of locating RPC routines to audit.
Author: Richard Johnson
Size: ~15k
MD5: fc8808cf5d7dbd1a2472f8322fa4c59f
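The IDC script above locates RPC server data structures and walks their dispatch tables. The same idea, as an added example written for this page and not the script itself, can be done on raw bytes outside IDA: the NDR transfer syntax {8A885D04-1CEB-11C9-9FE8-08002B104860} v2.0 is a fixed 20-byte constant inside every RPC_SERVER_INTERFACE, so searching for it, stepping back over the Length and InterfaceId fields, and checking that Length equals sizeof(RPC_SERVER_INTERFACE) finds the interfaces; the DispatchTable pointer then leads to the RPC_DISPATCH_TABLE and its array of routine addresses. The field layout is the 32-bit one from rpcdcep.h (Length 0x44); the image, its base address, the interface UUID and the routine addresses are constructed here. A 64-bit image has 8-byte pointers and a different Length, and a stripped or relocated image needs the pointers rebased before the bounds checks, so treat those constants as the thing to adapt.

```python
import struct
import uuid

IMAGE_BASE = 0x10000000          # constructed 32-bit image base (assumption for this example)
SERVER_INTERFACE_LEN = 0x44      # sizeof(RPC_SERVER_INTERFACE) for 32-bit code
# RPC_SYNTAX_IDENTIFIER for NDR: GUID 8A885D04-1CEB-11C9-9FE8-08002B104860, version 2.0
NDR_TRANSFER_SYNTAX = (uuid.UUID("8A885D04-1CEB-11C9-9FE8-08002B104860").bytes_le
                       + struct.pack("<HH", 2, 0))


def _u32(image, off):
    return struct.unpack_from("<I", image, off)[0]


def _in_image(va, base, size):
    return base <= va < base + size


def find_rpc_interfaces(image, base=IMAGE_BASE):
    """Locate RPC_SERVER_INTERFACE structs by their transfer-syntax constant and enumerate
    the dispatch routines each one points at. Layout (32-bit):
      +0x00 Length            +0x04 InterfaceId (GUID + major/minor)
      +0x18 TransferSyntax    +0x2C DispatchTable -> {Count, RoutineTable*, Reserved}"""
    found = []
    pos = image.find(NDR_TRANSFER_SYNTAX)
    while pos != -1:
        start = pos - 4 - 20                           # back over Length and InterfaceId
        if start >= 0 and _u32(image, start) == SERVER_INTERFACE_LEN:
            iface = uuid.UUID(bytes_le=bytes(image[start + 4:start + 20]))
            major, minor = struct.unpack_from("<HH", image, start + 20)
            dispatch_va = _u32(image, start + 0x2C)
            routines = []
            if _in_image(dispatch_va, base, len(image) - 12):
                dt = dispatch_va - base
                count, table_va = _u32(image, dt), _u32(image, dt + 4)
                # sanity-check the table before trusting the count: a bogus pointer or an
                # absurd count means this is not a real dispatch table
                if count < 0x1000 and _in_image(table_va, base, len(image) - 4 * count):
                    routines = [_u32(image, table_va - base + 4 * k) for k in range(count)]
            found.append({"struct_va": base + start, "uuid": str(iface),
                          "version": (major, minor), "dispatch": routines})
        pos = image.find(NDR_TRANSFER_SYNTAX, pos + 1)
    return found


def build_sample_image():
    """Constructed image: three routine stubs, their address table, an RPC_DISPATCH_TABLE,
    an RPC_SERVER_INTERFACE, and a decoy copy of the transfer-syntax constant that is not
    preceded by a valid Length field (the Length check must reject it)."""
    img = bytearray(0x400)
    for off in (0x100, 0x110, 0x120):
        img[off] = 0xCC                                                  # stand-in routine bodies
    struct.pack_into("<III", img, 0x200, IMAGE_BASE + 0x100, IMAGE_BASE + 0x110, IMAGE_BASE + 0x120)
    struct.pack_into("<III", img, 0x220, 3, IMAGE_BASE + 0x200, 0)      # RPC_DISPATCH_TABLE
    iface = uuid.UUID("12345678-1234-5678-9abc-def012345678")           # constructed interface UUID
    struct.pack_into("<I", img, 0x240, SERVER_INTERFACE_LEN)
    img[0x244:0x258] = iface.bytes_le + struct.pack("<HH", 1, 0)         # InterfaceId v1.0
    img[0x258:0x26C] = NDR_TRANSFER_SYNTAX
    struct.pack_into("<IIIIII", img, 0x26C, IMAGE_BASE + 0x220, 0, 0, 0, 0, 0)
    img[0x300:0x314] = NDR_TRANSFER_SYNTAX                               # decoy
    return bytes(img)


IMAGE = build_sample_image()

if __name__ == "__main__":
    for entry in find_rpc_interfaces(IMAGE):
        print("%s v%d.%d at 0x%x" % (entry["uuid"], *entry["version"], entry["struct_va"]))
        for k, va in enumerate(entry["dispatch"]):
            print("  opnum %d -> 0x%08x" % (k, va))
```

The routine addresses that come out are the audit worklist: each opnum is reachable from the network by anyone the interface's security callback lets through, so they are the functions to read first.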
The Attack Vector Test Platform was written over the course of research for the paper and presentation titled "A Comparison of Buffer Overflow Prevention Implementations and Weaknesses", which was presented at the 2004 Black Hat and Defcon computer security conferences. The test platform allows for assessing the effectiveness of combinations of attack buffer placement and execution control vectors against various buffer overflow prevention software technologies.
Returning virus: keep getting a virus report even after removal?
On Windows XP the scanner is usually re-detecting a copy of the file that was archived into a System Restore point (under the System Volume Information folder), which it can report but not clean; turning System Restore off discards all restore points, after which it can be turned back on.
How to turn off the System Restore option
Right-click My Computer.
Select Properties.
Click the System Restore tab.
Tick the Turn off System Restore on all drives checkbox.
This box should now have a tick in it.
(This may take a few seconds.)
Click Apply and then OK.
How to reactivate the System Restore option (it is recommended that you have this option turned on)
Right-click My Computer.
Select Properties.
Click the System Restore tab.
Clear the Turn off System Restore on all drives checkbox.
This box should now NOT have a tick in it.
(This may take a few seconds.)
Click Apply and then OK.
This utility lists all the folders on your hard drives, also in graphical form, and allows you to access the System Volume Information folder.
Highlight the "_restore{ .....}" folder and choose "Delete" from the menu; the folder will then be deleted.
How to create a shortcut to the Delete System File Information Utility.
Manually delete that stubborn virus file (thanks to BetaFlux): this video will show you how to manually delete that stubborn virus file that just will not go away.
Other links
Getting hooked: Phishing, pharming and online threats