How to disinfect Trj/Sirefef and Rootkit/ZAccess with Yorkyt.exe disinfection tool

Zillya!Scanner -безплатен анти-вирусен скенер за премахване на вируси, троянски коне, червеи и шпионски софтуер!

http://download.zill...aScanner_en.zip

Пакетът Vba32 е предназначен да помогне на потребителите да решават проблеми с различни видове вирусни инфекции.Проверката се състои от конзола Vba32 скенер за Windows, комунални услуги Vba32AntiRootkit и набор от предварително дефинирани задачи.

http://www.anti-viru.../Vba32Check.exe

Безплатни са и не изискват инсталация!

Редактирано 2 април 201214 г. от Гост (преглед на промените)

AntiWinLockerLiveCD v3.3 http://www.antiwinlocker.ru/index.php?option=com_rokdownloads&view=file&Itemid=119&id=12

Acronis Backup and Security 2011: Acronis Antimalware CD

Описание:

AcronisAntimalwareCD e медия,от която можете да сканирате вашата системата за зловреден софтуер.

• Set up the BIOS of your computer to boot off the CD;
• Put the CD in the drive and reboot the computer;
• Wait until the Acronis Rescue CD screen appears. Select the option to start Acronis Rescue CD and then press Enter:

  

• Click here to download Acronis Antimalware CD.

• Повече инфо тук: http://kb.acronis.com/content/18647

Редактирано 14 април 201214 г. от Гост (преглед на промените)

AdwCleaner е надежден инструмент за премахване на рекламен софтуер, лента с инструменти и потенциално опасни програми!

http://www.softpedia...oad-212632.html

Rootkit Remover 0.8.4

http://www.softpedia.com/get/Antivirus/Removal-Tools/Rootkit-Remover.shtml

Редактирано 19 април 201214 г. от Гост (преглед на промените)

Vba32 AntiRootkit 3.12.5.7 beta build 588

• Registry hives parsing mechanism has been added. Direct registry access is performed in Autorun and Drivers & Services ( from Registry ) windows, and in report as well
• Added Low-Level Registry Access Tool window. Operations on hidden, locked and forged registry keys / values
• Restoration of modified MBR partition table
• Vba32 Defender: added information about command line and parend pid ( for processes ). Ability to block the creation of new registry keys and setting of registry values
• Reboot on Exit option
• Support of Windows 8 Consumer Preview. Support of Windows 8 Developer Preview has been dropped
• Force reset option
• Overall work robustness of antirootkit was improved
• Stability of direct mass storage access library was improved
• Stability of Vba32 Defender was improved
• Fixed bugs in self-protection module
• Fixed bugs in GUI
• Help in Russian was improved

Пълен лист с инструменти за борба с руткити:

X-Ray 1.0.0.102 - http://bugczech.fu8.com/bin/kX-Ray_v1.0.0.102_XP32_beta.zip (dead link -> use mirror)

kX-Ray 1.0.0.102 (mirror) - http://www.kernelmode.info/ARKs/kX-Ray_v1.0.0.102_XP32_beta.zip

Mandiant Memoryze - http://fred.mandiant.com/MemoryzeSetup.msi

McAfee Rootkit Detective - http://download.nai.com/products/mcafee-avert/McafeeRootkitDetective.zip

modGREPER - http://invisiblethings.org/tools/modGREPER/modGREPER-0.3-bin.zip (dead link -> use mirror)

modGREPER (mirror) - http://www.kernelmode.info/ARKs/modGREPER-0.3-bin.zip

NIAP Rootkit Detect Tools - http://www.rootkit.com/vault/uty/NIAPAntiRootkitTools.rar (dead link -> use mirror)

NIAP Rootkit Detect Tools (mirror) - http://www.kernelmode.info/ARKs/NIAPAntiRootkitTools.rar

Norton Power Eraser http://liveupdate.symantec.com/upgrade/NPE/1033/NPE.exe

Panda Antirootkit - http://research.pandasecurity.com/blogs/images/AntiRootkit.zip

Process Hunter - http://www.wasm.ru/baixado.php?mode=tool&id=359

Process Walker - http://www.rootkit.com/vault/DiabloNova/ProcessWalker.rar (dead link -> use mirror)

Process Walker (mirror) - http://www.kernelmode.info/ARKs/ProcessWalker.rar

Radix - http://www.usec.at/downloads3/radix_installer.zip

RegReveal - http://www.geocities.jp/kiskzo/regreveal_v10beta3.zip

RootkitDetector - http://www.tarasco.org/security/Rootkit_Detector_rkdetector/RootkitDetector.zip

Rootkit Unhooker 3.8 SR2 - http://www.kernelmode.info/ARKs/RkU3.8.389.593.rar

Rootkit Revealer - http://download.sysinternals.com/Files/RootkitRevealer.zip

RootQuest (dead link) - http://comsentry.com/files/RootQuest_v1.exe

RootQuest (mirror) - http://www.kernelmode.info/ARKs/RootQuest_v1.rar

RootRepeal - http://rootrepeal.googlepages.com/RootRepeal.rar

Safe'n'Sec Personal Pro + Rootkit Detector - http://www.safensoft.com/sns/snsrd_eng.exe (dead link -> use mirror)

Safe'n'Sec Personal Pro + Rootkit Detector (mirror) - http://www.kernelmode.info/ARKs/snsrd_eng.exe

SafetyCheck 1.7 - http://yyuyao.googlepages.com/SafetyCheck1.7Beta.rar

SanityCheck 2.00 - http://www.resplendence.com/download/sanitySetup.exe

Sophos Antirootkit - http://www.sophos.com/products/free-tools/sophos-anti-rootkit/download/

Stealth MBR Rootkit Detector - http://www2.gmer.net/mbr/mbr.exe

SysProt Antirootkit - http://sites.google.com/site/sysprotantirootkit/Home/SysProt.zip?attredirects=0&d=1

SysReveal - http://www.sysreveal.com/download/SysReveal.zip

TDSS Remover - http://www.esagelab.com/files/tdss_remover_latest.rar

Tizer Rootkit Razor - http://www.tizersecure.com/freedownloads/Tizer%20Rootkit%20Razor%20Setup.msi (dead link -> use mirror)

Tizer Rootkit Razor (mirror) - http://www.kernelmode.info/ARKs/Tizer%20Rootkit%20Razor%20Setup.msi

TrendMicro RootkitBuster - http://www.trendmicro.com/ftp/products/rootkitbuster/RootkitBuster_3.60.1016.zip

Tuluka Kernel Inspector - http://tuluka.org/tlk/Tuluka_v1.0.394.77.zip

Tukula Kernel Inspector (mirror) - http://www.kernelmode.info/ARKs/Tuluka_v1.0.394.77.zip

VBA32 Antirootkit - ftp://anti-virus.by/pub/vba32arkit.zip

XueTr - http://xuetr.com/download/XueTr.zip

XueTr CLI - http://www.xuetr.com/download/XueTr_Cmd.zip

YasKit 1.223 - http://qzdx.kafan.cn/down1//AntiSpyWare/2009/YasKit1.223.rar (dead link -> use mirror)

YasKit 1.223 (mirror) - http://www.kernelmode.info/ARKs/YasKit1.223.rar

64-bit Tools

ESET SysInspector http://www.eset.eu/en/eset-sysinspector

Sophos http://www.sophos.com/en-us/products/free-tools/sophos-anti-rootkit.aspx

TrueX64 (mirror) - http://www.kernelmode.info/ARKs/TrueX64.rar

http://www.kernelmode.info/forum/viewtopic.php?f=11&t=10

Днес излезе новата версия на антивирусния скенер AVZ - 4.39

Новото във тази версия:

[++] Множество доработок в визардах и скриптах эвристики

[++] Поиск и восстановление повреждений настройки SafeBoot

[+] Поиск и нейтрализация перехватов UserMode, осуществленных не в начале машинного кода функции

[+] База чистых - вызовы типа "cmd.exe /c xxxx" более не считаются легитимными - по базе чистых проверяется то, что запускается через CMD, а не сам файл "cmd.exe"

[+] Блокировка "зацикливания" при сканировании ссылок в файловой системе Win7/Vista

[+] Скрипты, функция RegSearch - добавлен поиск по значениям параметра REG_MULTI_SZ

[+] Детектирование "вредоносного кода в реестре" - обнаружение ключей автозапуска, содержащих запуск последовательности команд интерпретатора командной строки (по сути хранимый в реестре аналог BAT файла) с оценкой потенциальной опасности

[+] Эвристика на исполняемые файлы в папке автозапуска (предупреждение в протоколе, автокарантин), не опознанные по базе чистых

[+/-] Скрипты, функция BackupRegKey,ExpRegKey, ExpRegKeyEx - добавлена поддержка параметров типа REG_QWORD, исправлено сохранение REG_MULTY_SZ

[-] Скрипты, TFileSearch - исправлена ошибка вывода даты найденных файлов

[+] Скрипты, TFileSearch - добавлена возможность получения даты последней модификации и последнего доступа

[-] Исправлена команда "Безопасность: IE - запретить запуск программ и файлов в IFRAME без запроса", вставляемая по одноименной ссылке в протоколе

[+/-] Исправлена и доработана операция 15 в восстановлении системы

[+/-] Доработан анализ ключей автозапуска в исследовании системы и менеджере автозапуска (открытие ключей в режиме "только чтение")

[-] Порты TCP/UDP - исправлена ошибка, которая периодически появлялась на Win7/Win8 (в случае ошибки список портов был пустой)

[-] Исправлено множество опечаток в русскоязычной документации

[-] Исправлена проблема с ошибкой чтения значений параметров ключа реестра, доступных только на чтение

MD5:

AVZ:

avz4.zip - E2A31CD47047F84396C3C6E2CB123E49 (размер 8 121 555 байт)

avz4.exe - 9F29CF250136A702570726914817E0A2 (размер 764 928 байт)

Официален сайт:

http://z-oleg.com/index.php

UVK - Ultra Virus Killer

http://www.carifred.com/uvk/

Bitdefender Flamer Removal Tool: Detect And Remove World’s Most Advanced Malware

Bitdefender has released a standalone Flamer removal tool for both 32-bit and 64-bit versions of Windows. You can use this tool to find out if you’re infected with Flamer malware (Trojan.Flamer.A/B) and remove, if infected.

http://labs.bitdefender.com/2012/05/cyber-espionage-reaches-new-levels-with-flamer/

Аз когато видя вирос го чистя с аваст обаче като е сериозен вироса минавам на Anti Maware

Аз когато видя вирос го чистя с аваст обаче като е сериозен вироса минавам на Anti Maware

Пишете по-грамотно моля. И какво общо има този пост с тази тема. Тук се постват нови и интересни програми за борба със специфични и трудни зарази, а не дискусия кой какво ползва.

Panda Cloud Cleaner

Panda Cloud Cleaner is a cloud-based malware detector for Windows PCs

Panda Cloud Cleaner is pretty basic, but it gets the job done in terms of detecting malware that could be a threat to your computer.

http://pandacloudcleaner.pandasecurity.com/facebook/

http://www.facebook.com/pandacloudcleaner

Bitdefender 60-Second Virus Scanner

Bitdefender 60-Second Virus Scanner is a free and easy-to-use PC desktop app that utilizes the world's #1 ranked scanning technology to alert users of active viruses that are lurking on their computers.

• Lighting fast scans
• Proactive silent scanning
• Cloud based technology
• Easy to use, intuitive interface

Изтегляне: http://download.bitd...nd/60Second.exe

HitmanPro 3.7.0 Build 183

 

 

• Changes in Build 183:
• FIXED: On some systems, booting from Kickstart USB flash drive resulted in blinking cursor.
• UPDATED: Kickstart bootstrap loader to version 1.1.
• UPDATED: Bulgarian language.

 

http://www.surfright.nl/en/downloads

MCShield 2
 
Програмата е комбинация от широко използвания инструмент за почистване на USB зарази (доскоро самостоятелен инструмент) - USBNoRisk и подобрена евристика от MCShield 1
MCShield 2 е програма предназначена да предпазва от зарази разпространяващи се чрез USB устройства (флашки, външни хардискове, SD карти и т.н.). Лека, бърза и по-умна от всякога. Спокойно може да се нарече, МBAM при флашките. Дори и интерфейсите им си приличат:

 

Разполага с опции за обновяване на дефинициите и сканиране на руут папките на дяловете и флашката...така дори при изключен Autorun, може да се засекат варианти на Taterf, Dorkbot и т.н.
 
Лиценз: Безплатен
Официална страница

Системни изисквания: 32/64 bit Windows XP, Vista, Windows 7, Windows 8.

GMER 2.0.18327

 

- Added support for Windows 8
- Added full support for Windows x64
- Added Trace I/O function
- Added disk "Quick scan" function

 

http://www.gmer.net/

Най-накрая - новината бързо обиколи форумите.

Доста време му отне при наличието на aswar и aswmbr (които бяха разработки на avast! + автора на Gmer)...но важното е, че вече новата версия е тук.

Стана страшно за гадините - mbar, tdsskiller, aswmbr, gmer, frst. Остава само CF да мине и той на Windows 8 и работата спи.

Ъпдейт на UVK - Ultra Virus Killer

 

http://www.kaldata.com/forums/topic/87628-специфични-средства-за-борба-със-зловреден-соф/?p=2247978

 

Version: 4.6.0.0

 

Промени:

 

 

 

Added a new section: UVK smart uninstaller. Fixed a bug of showing wrong folder size for big folders in the UVK log. Added a new fix: Clear Windows event logs. Added a new fix: Fix local group access. Added a new custom command: UpdateSoftware. General internal debugging and improvement.

 

Homepage
Download (Default Download Link)
Download (Portable)
Download (Majorgeeks))

 

Огромни възможности:

 

 

 

Features:

Process manager:
* Filter all the running processes by the executable path.
* Select and manage several processes at once.
* Kill the selected processes.
* Kill all the processes with the same path as the selected ones.
* Kill processes and delete parent file simultaneously.
* Kill all the listed processes.
* Kill all the listed processes except the system processes.
* Verify the processes files' signatures.
* Search information about a process's file over the internet.
* Submit one or more processes MD5 to VirusTotal using the VT API.
* Open the processes files locations.
* View the processes parent file properties.

Startup Entries and services and Drivers/Tasks:
* Delete startup entries, infected services, drivers or scheduled tasks and corresponding files simultaneously.
* Select and manage several entries at once.
* Verify startup entries files signatures.
* Search information about a file over the internet.
* Submit one or more entries files MD5 to VirusTotal using the VT API.
* Open the registry key where the entry is located with regedit.
* Open the entry's file location.
* View the entry's file properties.
* Maximizable window on these sections for a better view.

Delete file or folder:
* Delete files and folders even if they're being used by applications.
* Delete running executable files.
* Delete files and folders that you can't normally delete using Windows explorer.
* Choose to whether delete the files definitely or move them to the recycle bin.

Scan & create log:
* Perform a full analysis of your system and save it to a text file that you can send to a friend, professional or post in a forum, or analyze it yourself.
* Choose the areas you want to scan and show in the log.
* Choose whether to show Microsoft signed file in the log.
* Choose where to save the log.
* Choose whether to verify the scanned files digital signatures.
* Perform other custom scans, live retrieving specific information on file, folders, registry entries, or automatically get the VirusTotal analysis result for a file.

Run UVK Scripts:
* Disinfect your computer by pasting lines from UVK log to delete corresponding registry entries and files.
* Use custom commands to download files, execute programs, delete or add registry entries, terminate processes and delete files and folders, run cmd scripts and register system dll's or run UVK Fixes.
* Create system restore points, empty the recycle bin and all users temporary folders.
* Create and run scripts that perform complete system repair and maintenance.
* Automatically run any of the UVK fixes or scans.

Repair system and UVK Fixes:
* Fix your computer with more than fifty exclusive fixes: Fix file extensions, register system dlls, enable and repair Windows update, clear dns and hosts cache, reset user default registry settings, fix installation problems, empty all browsers cache, reset security settings, defragment and optimize the hard drives, install Java, Flash, DirectX, .Net Framework, Fix the WMI and the system restore, delete all restore points, fix the windows shell and the user shell folders and much more.

System Info:
* Show information that can be very useful specially if you're going to reinstall windows or if you need to diagnose a performance or hardware problem. This includes the processor, memory and page file usage, OS and office product keys, and hardware and users info.
* Export this info to a comprehensive html file on the desktop.

* Analyze your own UVK logs easily, submit MD5 hashes to VirusTotal and create UVK scripts to disinfect, cleanup and repair your computer using the included Log analyzer.

* Installation in two clicks and very small size for quick download and startup.

* Auto update feature to ensure you're running the latest version.

* Command line switches for full automation of the tool.

Choose the file you want to download. Portable versions install and run automatically in one or two seconds, but you can't choose the setup options and they don't create a system restore point before installing.

If your .exe file extension has been corrupted by malware, download the .com version.

Supports all Windows OS

 

Малко ревю:

 

Редактирано 20 януари 201313 г. от Гост (преглед на промените)

 Bitdefender Rootkit Remover

 

 

 

 

http://labs.bitdefender.com/projects/rootkit-remover/rootkit-remover/

 

 

 x86 version of Bitdefender Rootkit Remover

x64 version of Bitdefender Rootkit Remover

 

 

 PC Hunter V1.0 released, supports Win8 and 64-bit systems (re-development on the basis of the original XueTr )

 

http://www.xuetr.com/

 

                                                     

 

Readme файл:

 

 PCHunter anti-rootkit is a free and handy toolkit for Windows with various powerful features for kernel structure viewing and manipulation.It offers you the ability with the highest privileges to detect, analyze and restore various kernel modifications and gives you a wide scope of the kernel.With its assistance, you can easily spot and neutralize malwares hidden from normal detectors.

PCHunter currently supports the following Windows versions:

Windows 2000 SP4 (32-bit only)
Windows XP (32-bit only)
Windows Server 2003 (32-bit only)
Windows Vista (32-bit only)
Windows Server 2008 (32-bit only)
Windows 7 (32/64)
Windows 8 (32/64)

Currently,the following features are available:

*Process Manager
View system process and thread basic information.
Detect hidden processes,threads,process modules.
Terminate, suspend and resume processes and threads.
View and manipulate process handles,windows and memory regions.

*Kernel Module Viewer
Display kernel module information including ImageBase,Size,Driver Object,ImagePath,ServiceName and Load Order.
Detect hidden kernel modules.
Unload kernel module(dangerous).
Dump kernel image memory.
Display and delete system driver service information.

*Hook Detector
View and restore SSDT,Shadow SSDT,sysenter and int2e hooks.
View and restore FSD and keyboard disptach hooks.
View and restore kernel code hooks including kernel inline hooks,patches,IAT and EAT hooks.
View and restore usermode process hooks incluing inline hooks,patches,IAT and EAT hooks.
View and restore message hooks(both global and local).
View and restore kernel ObjectType hooks.
Display Interrupt Descriptor Table(IDT).

*System Callback Viewer
Display and remove Kernel Notifications(Process/Thread/Image/Registry/Lego/Shutdown/Bugcheck/FileSystem/Logon).

*Network Viewer
Display current network connections, including the local and remote addresses and state of TCP connections.
View and delete IE plugins and context menu.
View and restore tcpip dispatch hooks.
Display winsock providers(SPI).
View and edit hosts file.

*Filter Viewer
View and remove filters for common devices including disk,volume,keyboard and network devices.

*Registry Viewer
View and edit system registry.
Detect hidden registry entries using live registry hive analysis.

*File Explorer
Detect hidden files using both disk analysis and driver methods.
View and delete locked files and folders.
View file basic information including NTFS Alternate Data Streams.

*Autorun Manager
Display and delete common autorun entries.

*Service Manager
Display Win32 service information (for Ring0 modules,it is included in Kernel Module Viewer).
Change service status and configuration.

*DPC Timer
Enumerate and delete DPC Timer objects.

*Miscellaneous
View and repair common filetype assosications.
View and repair image hijacks.

*Settings
Option to defense from process creation,thread creation,module load and message hook installation.
Option to defense from file creation,registry key creation.
Option to prevent system suspend,log-off,shutdown and reboot.
Option to prevent locking workstation and switching destop.
option to prevent setting system time.

Warning:Use it at your own risk.This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.


2013-01-22 V1.0:
*Finish the first version.

www.epoolsoft.com
2013-01-22 Beijing.China.

TNN, поздрави!

Благодаря за последния пост! Беше ми много от полза!

B-boy[styLe] 

Относно MCShield 2, преди малко я инсталирах и никъде не намерих Custom Scan? Въобще има ли такава опция?

 

 

 

 

AviraRemoval Tool

 

 

 

AviraRemoval Tool

 

Removal Tool for:

 

Sober.J/P/Y

TR/Agent.imh/its

TR/Drop.Agent.qna.2/Agent.qna.1

TR/PSW.Delf.AH/Kates.C.25

TR/Spy.Delf.tge/Banker.AATZ/Banker.AATZ.1/Banker.AATZ.2/Banker.AATZ.3

W32/Induc.A

W32/Stanit.A

Worm/NetSky.P

B-boy[styLe] 

Относно MCShield 2, преди малко я инсталирах и никъде не намерих Custom Scan? Въобще има ли такава опция?

 

Е те това е Custom-a:

 

Free - Scan your PC for viruses and malware now!

 

http://www.emsisoft.com/en/software/ax/

 

Онлайн скенер.