Dr.Web CureIt! 7.0 beta-testing

[TheKid7]

Dr.Web CureIt! 7.0 beta-testing

Quote:

Doctor Web released a public beta version of its utility Dr.Web CureIt! 7.0. Dr.Web CureIt! is a popular malicious software removal and system curing tool incorporating all the advantages offered by alternative commercial products from other vendors. The enhanced mode against Windows locker programs and compatibility with other anti-viruses are the key features of this application. The utility incorporates latest IT security technologies that enable it to neutralize even the most dangerous threats......

http://news.drweb.com/?i=2401&c=5&lng=en&p=0

Edit:

Quote:

What's new in this version

A new scanning subsystem that can scan computer disks in a multithreaded mode to fully benefit from multi-core processors.

Significant increase in the scanning speed.

Greatly enhanced stability of the program virtually eliminates the possibility of BSOD ("blue screen of death") during the scanning.

Completely redesigned user interface.

Rootkit search subsystem.

Advanced custom scan features that allow to scan a computer memory, boot sectors, startup objects, etc.

An option to block a network connection during the scanning.

An option to shut down an operating system as soon as the scanning is complete.

Scanning a PC BIOS for "bioskits" — malicious programs infecting a PC BIOS.

http://www.freedrweb.com/download+cu...e/beta/?lng=en

[lodore]

I have been waiting for this for quite awhile now. Not sure if I will test the beta or wait for final thou. the main thing for me is the speed increase.

[treehouse786]

thank you for the heads up. one of my all time favorite utilities.

downloading and testing now

[LoneWolf]

Very nice. Thanks for the heads up.

[TheKid7]

Scan Speed Test (Non-Infected PC):

Windows XP Pro 32 bit
Intel Core 2 Duo CPU
4 GB DDR2 800 RAM
Intel Motherboard (New in 3rd Quarter 2006)
Western Digital RE4 500 GB SATA 300 Hard Drive

Dr.Web CureIt 6.0 (Latest):
Windows System Partition Only
EPM (Enhanced Protection Mode): On
Default Settings Except: Custom Scan C:, Report Only, No Prompts
2012-05-14(15:00) 2855645
Objects Scanned: 78,854
Scan Time: 43:16
Reported Scan Speed: 937 KB/s

Dr.Web CureIt 7.0 Beta (Latest):
Windows System Partition Only
EPM (Enhanced Protection Mode): On
Default Settings Except: Custom Scan C:
Objects Scanned: 82,101
Scan Time: 21:25

What I did not like: No Option for "Report Only".

There were no "False Positives" during the scans.

[TheKid7]

Screenshots:

[TheKid7]

More Screenshots:

[TheKid7]

And some more Screenshots:

[TyRidian]

I am definitely adding this to my security arsenal...It's quite nice. I like the scan speed, the new features and the new look (Looks more modern).

Although a nice program, memory usage jumps pretty high during a scan, but of course this is pretty common while doing such a task.

For a beta, I think it's quite stable.

[TheKid7]

I don't have any "infected" PC's to try it out on. Please provide some feedback on how well it cleans an "infected" PC.

Thank you.

[lodore]

did anyone trying the beta have two processes still loaded after closing the GUI?

[TheKid7]

I hope that Dr.Web will update the scan engine in the Dr.Web LiveCD soon. I like the faster scan speed of Dr.Web CureIt 7.0 Beta.

[TheKid7]

I added "What's new in this version" to the original Post. I found the following new feature to be very interesting:

Quote:

Scanning a PC BIOS for "bioskits" — malicious programs infecting a PC BIOS.

[TyRidian]

Quote:

Originally Posted by lodore

did anyone trying the beta have two processes still loaded after closing the GUI?

Nope, closed right away for me.

[TheKid7]

Does anyone have any feedback on Dr.Web CureIt! 7.0 Beta's Malware cleaning?

Thanks in Advance.

[Kernelwars]

Quote:

Originally Posted by lodore

did anyone trying the beta have two processes still loaded after closing the GUI?

same here

[SergM]

Interview with chief designer.
Sorry need a translation. Use Google for this service

Quote:

We do not use the OS kernel, we do not use the disk subsystem, file drivers, all those that loaded in a real operating system. We have all their own, safe and secure from the external world. To make this work like a clock in reality rather than theory, we needed more than one year. But it is our pride.

http://habrahabr.ru/company/drweb/blog/144399/

[No_script]

Quote:

Originally Posted by TheKid7

I added "What's new in this version" to the original Post. I found the following new feature to be very interesting:

Yes. They are real and out there but it takes much more skill to write them. No ordinary programmer could write them and the ones that do are don't use them because it would raise huge flags with the 3 letter agencies. Most probably used by governments against specific national security targets and enemies.

BTW Dr Web is the beez kneez, they know their stuff. I put them in the same leauge as bitdefender, kaspersky etc

[3x0gR13N]

Quote:

Originally Posted by No_script

Yes. They are real and out there but it takes much more skill to write them. No ordinary programmer could write them and the ones that do are don't use them because it would raise huge flags with the 3 letter agencies. Most probably used by governments against specific national security targets and enemies.

Please stop spreading FUD and blowing the issue of BIOS malware out of proportions.
They're not more difficult to detect, they're not more persistent than todays malware/rootkits and the government is not involved with creation and distribution of said malware (or, not more than other government "projects").

People can read about the Bioskits in these PR driven yet informative analysis:
http://blogs.norman.com/2011/malware...lashing-trojan
http://www.symantec.com/connect/blog...-showing-again
http://news.drweb.com/show/?i=1879&lng=ru&c=14
http://blog.webroot.com/2011/09/13/m...t-in-the-wild/


And UEFI: http://blogs.msdn.com/b/b8/archive/2...m-malware.aspx

Quote:

When you use a PC that supports UEFI-based Secure Boot (defined in the UEFI 2.3.1 specification), Windows secured boot will help ensure that all firmware and firmware updates are secure, and that the entire Windows boot path up to the antimalware driver has not been tampered with. It does this by loading only properly signed and validated code in the boot path. This helps ensure that malicious code can’t load during boot or resume, and helps to protect you against boot sector and boot loader viruses, as well as bootkit and rootkit malware that try to load as drivers.