AVERT tool suggestions?

[weirddemon]

As many of you know, I released a free tool a little while ago called AVERT. You can view this tool at my website here or the WSF post here.

I've received some decent feedback so far and there hasn't been a whole lot of issues, which is great. So, I wanted to expand on the tool a little bit more to help advanced users fix additional issues caused by viruses.

Which is why I'm here

I'd like everyone's suggestions about what type of individual tools would be useful in this regard.

I'll give a couple of examples. When viruses infect a machine, they often screw with internal settings that stay even when the virus has been removed. Two specific things I can think of off the top of my head is IE proxy settings and the windows hosts file.

So, two of the first individual fixes I plan to implement are the ability to automatically reset IE proxy settings and the ability to reset the windows hosts file.

So, any other ideas?

Thanks

[tk55]

to me the most troublesome is trying to get windows firewall service and windows security centre to work properly again. so far i'd failed 100% and had to reinstall windows. it would be great if your software can fix that automatically

[curious george]

i said this before, but maybe adding more "manual" tools. I'm not sure if your farmiliar with auto it, but, maybe it can be configured to download, install and run tools like mbam, kaspersky virus removal tool, super antispyware. It would greatly increase the strength of the scanners as well.

Also, you can incorperate fixes as the previous poster stated, kinda like super antspyware does with is fix task manager, fix registery, you get the point.

[curious george]

Sorry for the double post guys, but another thing came to mind.

Registry back ups. Especially since your using A2, with heuristics on, he possibility of it being a false positive is high (had it happen to me), and render the computer somewhat useless.

[Kyle1420]

Detailed task manager

[Noob]

Quote:

Originally Posted by curious george

Sorry for the double post guys, but another thing came to mind.

Registry back ups. Especially since your using A2, with heuristics on, he possibility of it being a false positive is high (had it happen to me), and render the computer somewhat useless.

This is what i thought, but if it deletes viruses settings and then you restore them back again? (Well the virus might be deleted but who doesn't likes to know that even their registry entries were removed )

[weirddemon]

Thanks for the suggestions guys. It's been super helpful so far.

Quote:

Originally Posted by tk55

to me the most troublesome is trying to get windows firewall service and windows security centre to work properly again. so far i'd failed 100% and had to reinstall windows. it would be great if your software can fix that automatically

That's a great idea. I'll look into what's required and see what I can do. I'll send you a PM if I can get it figure out. Thanks!

Quote:

Originally Posted by curious_george

i said this before, but maybe adding more "manual" tools. I'm not sure if your farmiliar with auto it, but, maybe it can be configured to download, install and run tools like mbam, kaspersky virus removal tool, super antispyware. It would greatly increase the strength of the scanners as well.

...kinda like super antspyware does with is fix task manager, fix registery, you get the point.

Registry back ups....

Could you elaborate a little more on the AutoIt suggestion? I'm a little confused. Do you think I should include it or something like it, that allows the user to create their own... plugin? Or something like that?

I'll look into SUPERAntiSpyware's tools to get some ideas. Thanks

Quote:

Originally Posted by Kyle1420

Detailed task manager

Eventually, I'd like to add this in. I've actually made something like this before and for the most part, it ran rather well. The problem was that it was a huge memory hog and that was hard to manage

I actually hadn't thought about registry backups, but I think I can manage that.

[curious george]

AutoIt is pretty much a script, that'll do what you want it to.

So lets say in the "manual tools", you check mbam and sas...you can code autoit to download, install, scan, and remove your infections.

It'll script everything out for you. So the user has the "click n go" feature we love about this tool.

You can use auto it to do everything for you.


http://www.autoitscript.com/autoit3/index.shtml

I'm pretty sure its free, and its pretty awesome actually.


Anyway, the tool can be used to do everything, and if you could pick up on it, it'll broaden the ability of your tool. you can then go into tools such as kaspersky antivirus removal tool, have the browser download it, install it, configure its settings, and scan with it.

[DasFox]

Quote:

Originally Posted by tk55

to me the most troublesome is trying to get windows firewall service and windows security centre to work properly again. so far i'd failed 100% and had to reinstall windows. it would be great if your software can fix that automatically

Now this is your fault, anytime someone is developing something new TWO THINGS!

1. Make an image of your system...
OR
2. Use a VM like VMware or Virtualbox...

No crying about how your box got hosed when you should know better...

[weirddemon]

Quote:

Originally Posted by DasFox

Now this is your fault, anytime someone is developing something new TWO THINGS!

1. Make an image of your system...
OR
2. Use a VM like VMware or Virtualbox...

No crying about how your box got hosed when you should know better...

I don't think he was saying that this is something AVERT messed with. Mainly because AVERT doesn't affect those parts of the OS.

If I'm not mistaken, he's saying that after a virus has screwed those parts up, he can't seem to fix it without an FFR. He'd like AVERT to fix those issues if they exist, not that AVERT caused them

I think. Or at least I hope so. I wouldn't know how AVERT caused the issues if it did

[weirddemon]

Hey everyone. I added a bunch of new features to AVERT and v2.0 is out.

tk55, I'm still looking into your issues, but I was able to add some other requested features, such as registry backups.

http://www.avertsoftware.com/downloads.html

Thanks again

[tk55]

Quote:

Originally Posted by weirddemon

If I'm not mistaken, he's saying that after a virus has screwed those parts up, he can't seem to fix it without an FFR. He'd like AVERT to fix those issues if they exist, not that AVERT caused them

thanks weirddemon, that's exactly what i meant.

looking forward to see what you can come out with

[CloneRanger]

I know you have Emsisoft incuded already, but could you also make use of this ?

Emsisoft BlitzBlank

http://www.blitzblank.com/en/software/blitzblank

Just a suggestion !

[curious george]

Not sure if i read incorrectly , but are you adding 3 MORE scanners?

[weirddemon]

Quote:

Originally Posted by curious george

Not sure if i read incorrectly , but are you adding 3 MORE scanners?

When I had 7 scanners, I was looking into 3 more. As of right now, I added 1 more, making the total 8.

It looks like I might be able to add 2 or 3 more later.

[Boyfriend]

@weirddemon: Thanks and congrats for wonderful tool. With eight scanners and one thorough scan should be enough to remove every nasty out there. Keep on good work

[Searching_ _ _]

The ability to choose individual engines and scan at various strengths.
One window for everything, no pop ups of more windows.
When scans begin, no window always on top, but in AVERT program window.

This is what I was thinking it should be like when using your program.

[weirddemon]

Quote:

Originally Posted by Searching_ _ _

The ability to choose individual engines and scan at various strengths

That feature is already there. Could you elaborate more on what you mean? If you check out the How To page, you'll see in step 7, that the Options window allows you to check each scanner you'd like to use and if you select a scanner, it's "Advanced Configuration" box appears below the scanners. Here you can choose, "Thorough", "Blended" and "Minimal" scans. This gives you the ability to customize how each scanner runs, so they're not all at Maximum, even if you run them all.

Quote:

Originally Posted by Searching_ _ _

One window for everything, no pop ups of more windows.

I've tried making the GUI as simple as possible and even made a how to video and web page. The GUI I'm using at the moment, should be intuitive enough for most people to understand and provides the best UI for expandability. If I just throw everything on one page, even in tabs, it will get cluttered very quickly. Especially when adding more features. If I did this GUI, then I'd have 9 tabs. But, if I did the whole, "tab-within-a-tab" thing, that help less the tabs, but would look cruddy.

So, for now, the GUI's staying.

Quote:

Originally Posted by Searching_ _ _

When scans begin, no window always on top, but in AVERT program window.

I don't understand. Could you elaborate?

Thanks for the feedback, Searching_ _ _

Quote:

Originally Posted by Boyfriend

@weirddemon: Thanks and congrats for wonderful tool. With eight scanners and one thorough scan should be enough to remove every nasty out there. Keep on good work

Thanks. I appreciate the support.

[Searching_ _ _]

As I see it there are 5 core needs to be fulfilled by your program:

1. Initiating scans
   
   • Anti-Virus Scanners
     
     • Depth
       
     • Update
       
   • Ccleaner
     
     • Strength
       
   • AVERT Registry Tool
     
     • Depth
       
2. Installing scanners
   • Downloads
3. Reports
   
   • General Statistics
     
   • Specific Scan Report List
     
4. Backups
   
   • Import
     
5. Tools

Scanners:

In the "Run Scans" window, with all AV's, Ccleaner, AVERT Registry Tool choices present and the ability to be selective in scan depth will satisfy all of your requirements for Complete, Blended, Quick and Custom in a single window. The main "Run scans" window can be the Custom window, then you can add Complete, Blended, and Quick as buttons similar to "Run Scans" button to the bottom that will have programmed choices for the engines. When you click "Complete" it will highlight its choices; When you click "Blended", it will highlight those choices. Ccleaner and ART can operate depth independently of the scanner depth. It will be plain to the user what they are getting into without having to read or see a How To.
Next to or under "Complete" and "Quick" for each scanner you can have the estimated time to complete that rows depth choice.

Avert Signature Settings:

This can be handled in a configuration file similar to how Sandboxie uses a config file, accessed by a button that calls up notepad, no need for the window IMO. This will be a feature that doesn't get much use but can be called up when needed.

Install AVERT Scanners:

This is good to be it's own window as it clarifies that you need to download each scanner.
It should also have the estimated file size associated with each download option. People have varying qualities of internet service and will be able to custmize downloads for their internet access quality.

Reports:

This is good to be it's own window and is obvious.
A need for individual scan AV reports is a priority over general info, IMO. It could be an additional list item that can call up an individual scan report.

Statistics, this is the overall general view of the detections saved as xml.

General statistics and Specific AV reports, side by side or top down views, both persistent.

Backups:

This is good to be its own window with a list of registry entries that can be imported should there be a problem.

For the PE Environment there should be a hex editor, UBCD4Win uses Tiny Hexer, there may also be other hex editor plugins available.

Developing isn't easy because one choice today can create a mountain of work tomorrow.
Explaining your perceptions and insights is challenging as well.

Quote:

Originally Posted by weirddemon

Quote:

I don't understand. Could you elaborate?

After you "Run Scans", an always on top window provides the status of current actions when it is obvious with the cmd window that somethings going on. This status info can occur inside of a non disappearing AVERT program window.

[DasFox]

I'd love it if this could be a multi-engine scanning app, not just one scanner at a time...

But, hmmm could that be possible or multi-engine scanning needs to go Cloud based...

Hmm


Multi-Engine scanning is the future.

[curious george]

Quote:

Originally Posted by DasFox

I'd love it if this could be a multi-engine scanning app, not just one scanner at a time...

But, hmmm could that be possible or multi-engine scanning needs to go Cloud based...

Hmm


Multi-Engine scanning is the future.

I think multi scanning engines would be extreamly heavy on the system. If the idea were to ever be put into play, i'd most likely be with cloud.

[DasFox]

Quote:

Originally Posted by curious george

I think multi scanning engines would be extreamly heavy on the system. If the idea were to ever be put into play, i'd most likely be with cloud.

Yep heavy on the system...

But multi-engine scanning is the future.

When you have an infected system, well, what do you want to do, is the question, quick or complete scans?

Problem here is many people will do quite a bit of complete scanning and quick, but when you do quite a few of those complete scans, boy you can really consume a lot of time.

Many of the engines in Avert are extremely slow. As a test last week I put it on a full/complete scan of all engines and 7 hours later it was still not done. But we can't blame the developer for this, his hands are tied...

With a program like Avert you need good and fast engines but with it being limited to how many CLI scanners are out there, it doesn't leave many choices, which is the downfall of this application, not enough, better engines to pick from and use instead.