Last 10 Submissions RSS Feed

KpRm

Sat, 15 Jun 2019 12:40:23 +0000

KpRm is a tool to use to finalize a disinfection, it removes the following software:

AdliceDiag (Tigzy)
AdminRun (g3n-h@ckm@n)
AdsFix (g3n-h@ckm@n)
Ads (g3n-h@ckm@n)
AdwCleaner (Malwarebytes)
AHK_NavScan (Batch_Man)
AlphaDecrypter (Michael Gillespie)
AswMBR (Avast!Software)
AuroraDecrypter (Michael Gillespie)
Autoruns (sysinternals)
AutorunsVTChecker (regist)
Avast Decryptor Cryptomix (Avast!Software)
AVCertClean (fr33tux)
Avenger (swandog46)
Avira Registry Cleaner (Avira)
BitKangarooDecrypter (Michael Gillespie)
BitStakDecrypter (Michael Gillespie)
BlitzBlank (Emsisoft)
BTCWareDecrypter (Michael Gillespie)
Catchme (Gmer)
Check Browsers LNK (Alex Dragokas & regist)
CKScanner (askey127)
Clean_DNS (g3n-h@ckm@n)
ClearLNK (Alex Dragokas)
CMD_Command (g3n-h@ckm@n)
CoinVaultDecryptor (Kaspersky Labs)
Combofix (sUBs)
Crypt38Decrypter (Michael Gillespie)
CryptON Ransomware Decryptor (Emsisoft)
CryptoSearch (Michael Gillespie)
CrystalDiskInfo (portable)
DCryDecrypter (Michael Gillespie)
DDS (sUBs)
Defogger (jpshortstuff)
Dr Web LiveCD
EasyRestorePoint (kernel-panik)
Emsisoft Emergency Kit (Emsisoft)
ESET AES-NI Decryptor (Eset)
ESET Bedep Cleaner (Eset)
ESET Bubnix Cleaner (Eset)
ESET CodplatAA Cleaner (Eset)
ESET Conficker Cleaner (Eset)
ESET Crypt888 Decryptor (Eset)
ESET Crysis Decryptor (Eset)
ESET Daonol Cleaner (Eset)
ESET Dorkbot Cleaner (Eset)
ESET ELEX Cleaner (Eset)
ESET Eternal Blue Checker (Eset)
ESET Filecoder.AA Cleaner (Eset)
ESET Filecoder.AE Cleaner (Eset)
ESET Filecoder.AR Cleaner (Eset)
ESET Filecoder Cleaner (Eset)
ESET Filecoder.NAC Cleaner (Eset)
ESET Filecoder.R Cleaner (Eset)
ESET GandCrab Decoder (Eset)
ESET Goblin Cleaner (Eset)
ESET JS/Bondat Fixer (Eset)
ESET Log Collector (Eset)
ESET Mabezat Decryptor (Eset)
ESET Mebroot Cleaner (Eset)
ESET Medre Cleaner (Eset)
ESET Necurs.A Cleaner (Eset)
ESET Olmarik Cleaner (Eset)
ESET Online Scanner (Eset)
ESET Poweliks Cleaner (Eset)
ESET Quervar.C Cleaner (Eset)
ESET Retacino Cleaner (Eset)
ESET Retefe Detector (Eset)
ESET Rogue Applications Remover (Eset)
ESET Rovnix.A Cleaner (Eset)
ESET Simda Cleaner (Eset)
ESET Sirefef Cleaner (Eset)
ESET SpyEye Cleaner (Eset)
ESET Spy.Tuscas Cleaner (Eset)
ESET Spy.Zbot.ZR Cleaner (Eset)
ESET Superfish Cleaner (Eset)
ESET SysRescue (Eset)
ESET TeslaCrypt Decryptor (Eset)
ESET Trustezeb.A Decoder (Eset)
ESET VB.NAX Cleaner (Eset)
ESET VB.OGJ Cleaner (Eset)
ESET Virlock Cleaner (Eset)
ESET Zimuse Cleaner (Eset)
FilesLockerDecrypter (Michael Gillespie)
FixExec (BleepingComputer)
FixPurge (McVivien2)
FRST (Farbar)
FSS (Farbar)
GetSystemInfo (Kaspersky Labs)
GhostCryptDecrypter (Michael Gillespie)
GIBON Ransomware Decryptor (Michael Gillespie)
GooredFix (jpshortstuff)
GrantPerms (Farbar)
HiddenTear Bruteforcer (Michael Gillespie)
HiddenTear Decrypter (Michael Gillespie)
Hosts-perm.bat (BleepingComputer)
HostsXpert (funkytoad)
InsaneCryptDecrypter (Michael Gillespie)
JavaRa (Fred de Vries et Paul McLain)
Jigsaw Decrypter (Michael Gillespie)
Junkware Removal Tool (Malwarebytes corporation)
Kaspersky Live Rescue (Kaspersky Labs)
Kaspersky Virus Removal Tool (Kaspersky Labs)
KPLive (kernel-panik)
KpTemp (kernel-panik)
ListCWall (BleepingComputer)
ListParts (Farbar)
LogOnFix (Xplode)
Look_my_hardware (g3n-h@ckm@n)
Malwarebytes (log) (Malwarebytes corporation)
MBAR (Malwarebytes corporation)
MBRCheck (a_d_13)
mbr.exe (Gmer)
MbrScan (Eric_71)
McAfee GetSusp (McAfee)
McAfee Pinkslipbot (McAfee)
McAfee RootkitRemover (McAfee)
McAfee Stinger (McAfee)
McAfee Tesladecrypt (McAfee)
MicroCop Decryptor (Michael Gillespie)
Miniregtool (Farbar)
Minitoolbox (Farbar)
MKV (El Desaparecido & C_XX)
Mole02Decryptor (M AV)
NetAdapter Repair All In One (Conner Bernhard)
OneClick2RP (Laddy)
OTA (Old_Timer)
OTC (Old_Timer)
OTH (Old_Timer)
OTL (Old_Timer)
OTM (Old_Timer)
OTS (Old_Timer)
PCHunter (epoolsoft)
PowerLockyDecrypter (Michael Gillespie)
Pre_Scan (g3n-h@ckm@n)
Process Analyzer (g3n-h@ckm@n)
ProcessClose (g3n-h@ckm@n)
QuickDiag (g3n-h@ckm@n)
RakhniDecryptor (Kaspersky Lab)
Rannoh Decryptor (Kaspersky Lab)
RansomNoteCleaner (Michael Gillespie)
RAV (Evosla)
RegtoolExport (Xplode)
Remediate VBS Worm (bartblaze)
Report_Antivir (Laddy)
Report_CHKDSK (Laddy)
ResetBrowser (comment-supprimer.com)
ResetNavigator (SoftwareQuality)
Rkill (Grinler)
RogueKiller (Tigzy)
RogueKiller CMD (Tigzy)
Rooter (Team IDN)
RootkitRevealer (Microsoft)
RstAssociations (Xplode) (scr) (exe)
RstHosts (Xplode)
ScanRapide (Lydem)
Seaf (C_XX)
SecurityCheck (screen317)
ServicesRepair (Eset)
SFTGC (Pierre13)
ShadeDecryptor (Kaspersky Labs)
Shortcut Cleaner (BleepingComputer)
SMBCheck (Webroot)
StrikedDecrypter (Michael Gillespie)
StupidDecryptor (Michael Gillespie)
Symantec Kovter Removal Tool (Symantec)
Symantec Pasobir Removal Tool (Symantec)
Symantec Ramnit Removal Tool (Symantec)
Symantec Tempedreve Removal Tool (Symantec)
System Information Tool (Tweaking.com)
SystemLook (jpshortstuff)
TDSSkiller (Kaspersky Labs)
TFC (Old_Timer)
ToolsDiag (Amesam)
UAC-LEVEL (Amesam)
UAC Manager (Xplode)
UnHide (BleepingComputer)
Unlock92Decrypter (Michael Gillespie)
UnZacMe (g3n-h@ckm@n)
Usb File Resc (Streuner Corporation)
UsbFix (El desaparecido & C_XX)
Webroot DE-BUG (Webroot)
WildfireDecryptor (Kaspersky Labs)
WinChk (Xplode)
Windows Repair All In One (portable) (Tweaking.com)
WinsockAnalyzer (Xplode)
WinUpdatefix (Xplode)
XoristDecryptor (Kaspersky Labs)
ZHPCleaner (Nicolas Coolman)
ZHPDiag (Nicolas Coolman)
ZHPFix (Nicolas Coolman)
ZHPLite (Nicolas Coolman)
ZHPSuite (Nicolas Coolman)
Zoek (Smeenk)

The search for executables downloaded by the user is only performed in the Desktop and the download folder. To respect Nicolas Coolman's choice, the quarantine of ZHP tools located under AppData\ZHP is no longer deleted, however a line in the report indicates its presence. It is now possible since version 2.0 to choose whether to delete quarantines directly, delete them in 7 days or not delete them at all. A new feature allows you to detect tools and choose which files/keys will be deleted.

- Save the registry
To restore hives easily, it is possible to use KPLive: https://github.com/KernelPan1k/KpLive - Delete recovery points - Create a restore point - Restore system settings

Reset DNS cache
Reset the WinSock catalog
Hide hidden files
Hide protected files
Show known file extensions

- Restore the UAC

ConsentPromptBehaviorAdmin (5)
ConsentPromptBehaviorUser (3)
EnableInstallerDetection (0)
EnableLUA (1)
EnableSecureUIAPaths (1)
EnableUIADesktopToggle (0)
EnableVirtualization (1)
FilterAdministratorToken (0)
PromptOnSecureDesktop (1)
ValidateAdminCodeSignatures (0)

Project website: https://kernel-panik.me/tool/kprm/
Source code: https://github.com/KernelPan1k/KpRm

WVCheck.exe

Fri, 04 Mar 2016 18:31:16 +0000

Windows Validation Check (WVCheck) is a tool to find out if the user is using a legit version of windows.
The tool will check when Windows Updates last detected new updates,
when the user has downloaded them and installed them,
unless of course they have turned it off (Could indicate a pirated OS).

WVCheck is pretty straight forward. You run the program,
it tells you to wait, and it will open a notepad file to the user that they can post on the forum for the helper to inspect.

Supports XP, Windows 7, Windows 8, Windows 8.1, Windows 10

Remediate VBS Worm

Mon, 11 Jan 2016 16:34:59 +0000

You can use this to remedy the following malware:

Bladabindi
Excedow
Jenxcus
Houdini/Dinihu
Autorun worms
Any other VBS (VBScript) or VBE malware
Any other malware that abuses the WSH (Windows Script Host)

Instructions:

You should run the script in the following sequence, at least on a normal machine:
Plug in your infected USB (if any) and choose A, then B and afterwards C.
After these steps, perform a full scan with your installed antivirus product or perform an online scan.

Some tips and tricks:

Using option A, the tool will attempt to clean the infection. It will also fix any registry changes made by the malware. (for example it will re-enable Task Manager should it be disabled).

! When you use option B, be sure to type only the letter of your USB drive!
So if you have a USB drive named G:\, you should only type G
This option will eradicate any related malware on the USB drive, as well as unhide your files (make them visible again).
With option C you can download Panda USB Vaccine to prevent any other autorun malware entering your computer.
With option D you have the possibility to disable or re-enable the Windows Script Host (WSH), to prevent any malware abusing it.

I advise to end the script with Q as to ensure proper logfile closing. A logfile will open automatically, but is also created by default on the C:\ drive. (C:\Rem-VBS.log)

When the tool is running, do not use the machine for anything else.
(it takes about 30 seconds to run)
If VBS malware is found, it will be automatically removed and a copy will be placed at C:\Rem-VBSqt.

Accidentally used an option and want to exit the script? Use CTRL + C to stop it.

More information can be found on my blog post:
http://bartblaze.blo...bs-malware.html
@bartblaze

Speakonia

Thu, 28 May 2015 20:39:55 +0000

A free Text to Speech application.

TDSSKiller

Mon, 30 Mar 2015 16:09:25 +0000

A rootkit is a program or a program kit that hides the presence of malware in the system.

A rootkit for Windows systems is a program that penetrates into the system and intercepts the system functions (Windows API). It can effectively hide its presence by intercepting and modifying low-level API functions. Moreover it can hide the presence of particular processes, folders, files and registry keys. Some rootkits install its own drivers and services in the system (they also remain invisible).

Kaspersky Lab has developed the TDSSKiller which allows removing rootkits. TDSSKiller will scan your system in only about 15 seconds.

How to use TDSSKiller

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt".

SecurityCheck

Sat, 28 Mar 2015 21:29:59 +0000

SecurityCheck is a program that searches for installed and running security programs on a user's computer. After it is finished, SecurityCheck will then display a log file that contains information about the security programs found on your computer and the status of security services such as Windows Firewall.

How to use Security Check by Screen317:

Right-click on icon and select Run as Administrator to start the tool.
Follow onscreen instructions inside the black box. This scan won't take long.
Soon a notepad document called checkup.txt will open automaticaly.

WinUpdateFix

Fri, 27 Mar 2015 18:56:51 +0000

WinUpdateFix is a tool that is able to fix some problems linked to Windows Update.
You can reboot essentials services of Windows Update if they are disabled. You can also restore some parameters, and create a logfile to get more informations.

AdwCleaner

Fri, 27 Mar 2015 18:35:08 +0000

AdwCleaner is a free removal tool for:

Adware
PUP/LPI
Toolbars
Browser Hijackers

MBRCheck

Thu, 05 Mar 2015 18:17:28 +0000

How to use MBRCheck:

Be sure to disable your security programs
Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
A small window should open on your desktop
if an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
If nothing unusual is found just press Enter
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your deskop. Please post the contents of that file.

RootRepeal

Thu, 05 Mar 2015 18:03:09 +0000

Information

RootRepeal is a new rootkit detector currently in public beta. It is designed with the following goals in mind:

Easy to use - a user with little to no computer experience should be able to use it.
Powerful - it should be able to detect all publicly available rootkits.
Stable - it should work on as many different system configurations as possible, and, in the event of an incompatibility, not crash the host computer.
Safe - it will not use any rootkit-like techniques (hooking, etc.) to protect itself.

Currently, RootRepeal includes the following features:

Driver Scan - scans the system for kernel-mode drivers. Displays all drivers currently loaded, and shows if a driver has been hidden, and whether the driver's file is visible on-disk.
Files Scan - scans any fixed drive on the system for hidden, locked or falsified* files.
Processes Scan - scans the system for processes. Displays all processes currently running, and shows if a processes is hidden or locked.
SSDT Scan - shows whether any of the functions in the System Service Descriptor Table (SSDT) are hooked.
Stealth Objects Scan - attempts to determine if any rootkits are active by looking for typical symptoms.
Hidden Services Scan - scans for hidden system services.
Shadow SSDT Scan - counterpart to the SSDT Scan, but deals mostly with graphics and window-related functions.

* - falsified files are files which have their size mis-reported to the Windows API. Some rootkits use this to hide data.

RootRepeal is currently in public beta. Whereas every effort has been made to ensure compatibility with every system configuration on Windows 2000, XP, 2003 and Vista, it cannot be guaranteed. There is always some risk when scanning for rootkits. Before running RootRepeal, please make sure you have backups of all important data and have saved all open documents.

Frequently Asked Questions
Question: What is a rootkit?
Answer: A rootkit is a set of tools or a program that is designed to hide activity on a computer (legitimate or otherwise). A rootkit in itself is not malicious - many antivirus programs and some games (for example, nProtect GameGuard) use rootkit-like technology to hide or protect themselves. RootRepeal does not target any specific product or malware, but simply identifies rootkit-like activity on a computer and leaves the decision of what is malware or not to the user. For more information, please refer to the Wikipedia entry on rootkits here.

Question: How do I install/run RootRepeal?
Answer: Simply run RootRepeal.exe by double-clicking on it. No installation is necessary.

Question: How do I uninstall RootRepeal?
Answer: Delete RootRepeal.exe and (optionally) settings.dat, and reboot. RootRepeal is completely self-contained and no uninstallation is necessary.

Question: How do I know if I have a rootkit?
Answer: Run a system scan using the "Report" tab, and send the log to an expert for analysis. Some good resources are the forums at Sysinternals here, and the GeeksToGo forums here. If you are unsure if something is a rootkit, DO NOT DELETE IT!

Question: Does RootRepeal contain any malware/spyware/adware/other bad stuff?
Answer: Absolutely not! However, some Antivirus products may flag RootRepeal as malware because it is packed (compressed). See the VirusTotal link in the Download section for more information.

Question: What is the SSDT? Why is it important?
Answer: The SSDT is a table that stores addresses of functions that are used by Windows. Whenever a certain type of function is called, Windows looks in this table to find the address for it. However, a lot of rootkits and some legitimate software hooks this table, redirecting these requests. This type of hooking can be used to hide just about anything on Windows.

Question: What is a "system service"?
Answer: System service are a type of program that starts whenever Windows does. Most rootkits are started as a system service. Some rootkits attempt to hide these services so that a user cannot see them.

Question: What is the "Disk Access Level"? Why is it important?
Answer: The disk access level controls how RootRepeal reads the disk to perform the Files and Hidden Services scan. If you experience a crash or unpredictable results when using either of those scans, please change the Disk Access Level to another level in the options dialog. The default level is recommended for most users. If you suspect that you have the MBR rootkit, you may want to change the level to the lowest possible level and run another scan.

System Requirements
Microsoft® Windows 2008 Server; Windows Vista®; Windows XP Professional or Home Edition; Windows 2000 with Service Pack 4; Windows 2003 Server
Note: Only x86 versions of Windows are supported.
128MB of RAM.
600KB of hard-drive space.

https://sites.google...ite/rootrepeal/