#1
The purpose of this thread is to give you some info about ADinf32.
ADinf means Advanced Diskinfoscope. The site: http://www.adinf.com/
You might like to consider ADinf32 as a file integrity checker. It will build up a database (table) of the files on your system. It will warn you about file changes, newly added files, and deleted files.
ADinf comes in several versions. ADinf for DOS. ADinf32. ADinf32 Pro. This thread is about ADinf32 (for Windows). ADinf32 and ADinf32 Pro are not free.
The main difference between ADinf32 and ADinf32 Pro is that the Pro version can use a stronger HASH algorithm: LAN64.

#2
I will try to give you an impression of ADinf32 by giving several screenshots of the program.
Please keep in mind: Screenshots are taken from a Windows 98 SE system. The Windows version is a Dutch version, so a few lines might be in Dutch. I have edited out several private parts in those screenshots.

#3
As for any advanced program, there are lots of settings that you can change.
It is all up to you which settings you like. In the screenshots some settings are the default settings, some are changed.

#4
Of course the Helpfile also gives you lots of information.

#5
OK, here we go.
I start ADinf32 manually and get the following screen

#6
Clicking OK gives this

#7
Before I let ADinf32 scan my system, I would like to give you some screenshots about its settings.
So for the purpose of this learning thread I click Options. I get the following screen.
Note: The Dutch words "Eigenschappen voor" are in English "Properties for".

#8
I click the Properties button to give you an impression about the available settings.
I get this screen. Again: I would like to warn you that I have edited out several parts in all the following screenshots.

#9
Now I am going to give you screenshots of all those available options.
This one is for the settings of: which file types you want ADinf32 to check for, and which HASH algorithm it will use.

#10
Here comes the menu for the drives settings.
A very important option is: Drive Access Type
As you see, I have chosen BIOS Call on my W 98 SE machine. This is one of the most important parts of ADinf32!!!
Here come quotes from the Helpfile:

Disk Access Methods
ADinf32 checks a drive by reading disk sectors and parsing its file system. There are several ways to read disk sectors referred to as disk access methods. A brief explanation of the existing methods is given below.

Windows 95/98 and OSR2 offer three access methods:
· Access via BIOS
This is the fastest and most reliable method used by default for the majority of drives. Disk sectors are read by direct calls to BIOS virtual image for Windows’95 16-bit tasks.
· Access via Int13h
Sectors are read via the 13h interruption. This method is used when a disk cannot be accessed via BIOS.
· Access via VWIN32
The sectors are read through calls to vwin32 virtual driver that provides 32-bit applications with an interface for direct access to logical drive sectors. This method can be used to access compressed drives or drives that, for some reason, cannot be accessed via BIOS or Int13h.

Under Windows NT ADinf32 supports two access methods:
· Physical Drive Access
Disk sectors are read via calls to a physical disk driver. This method is the fastest and most reliable. It is used by default for the majority of drives.
· Logical Drive Access
Disk sectors are read via calls to a logical disk driver. This method is used when a disk cannot be accessed as Physical Drive.

Notes.
1. To perform disk scan under Windows NT, you must have the Administrator’s privilege.
2. ADinf32 sets optimal access methods for logical drives. Change these settings only if a drive cannot be accessed via the default method.
=== end quotes ===

#11
The menu for the exclusions:

#12
The menu for so-called stable files.
Any changes in files marked as Stable are treated as suspicious.

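A minimal sketch of the kind of check described in this thread: a database of files, then a report of changed, newly added and deleted files, with changes to files marked Stable flagged as suspicious. This is an added example, not ADinf32's code and not part of the original posts; it hashes file contents with SHA-256 through the normal file API instead of reading disk sectors, and the file names and the `snapshot`, `compare` and `demo` functions are made up for the demonstration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Build the database: relative path -> (size, SHA-256 of contents)."""
    table = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            table[rel] = (len(data), hashlib.sha256(data).hexdigest())
    return table

def compare(old, new, stable=()):
    """Classify the differences between two snapshots."""
    report = {"changed": [], "new": [], "deleted": [], "suspicious": []}
    for path in sorted(old.keys() | new.keys()):
        if path not in old:
            report["new"].append(path)
        elif path not in new:
            report["deleted"].append(path)
        elif old[path] != new[path]:
            report["changed"].append(path)
            if path in stable:  # a Stable file is never expected to change
                report["suspicious"].append(path)
    return report

def demo():
    """Constructed sample tree: take a baseline, modify files, rescan."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        write("app.exe", b"MZ original")
        write("mail.dbx", b"inbox v1")
        write("old.tmp", b"scratch")
        baseline = snapshot(root)
        write("app.exe", b"MZ ORIGINAL")  # same size, different content
        write("mail.dbx", b"inbox v2 with more mail")  # routine change
        write("dropped.dll", b"new file")
        os.remove(os.path.join(root, "old.tmp"))
        return compare(baseline, snapshot(root), stable={"app.exe"})

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The mail folder shows up only as changed, while the same-size edit to the file marked stable is caught by the hash and reported as suspicious; deciding whether either change is legitimate is still left to the user.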
#13
The menu for more common settings

#14
The menu for your log settings.
I myself move my logs manually to another place where I give them a date, and - depending on how important the changes were - some more info.

#15
The type of Analysis I want ADinf32 to perform.

#16
The menu where you can tell ADinf32 to cooperate with an Anti-Virus program.

#17
Well, so far I have shown you the menus where you can set up your ADinf32.
Now I am going back to the actual scanning. Here is a screenshot of ADinf32 doing its scanning.

#18
The scanning is ready.
ADinf32 pops up with a warning that there might be a virus. Well, I knew that there wasn't a virus, but it gives you an impression of a warning.
As with all these kinds of scanners: it is the user who has to decide whether a change is legit or not!!!

#19
Now I click away that previous screen, and I get the main summary info window of ADinf32 after its scanning.

#20
Now I want to see the changes, so I click All.
Part of the screen is shown in the following screenshot. Some parts are edited out by me (I told you before that I would do that).
You see two files marked with a red !. Those are the files that ADinf32 warned me about. Both files are Outlook Express folders. I knew already that there was nothing wrong with them. But once again: as with all these kinds of scanners, it is the user who has to decide whether a change is legit or not.
BTW: the Dutch word "verzonden" is in English "sent".

#21
OK, let's say I want to have more info about that changed OE file "Verzonden items.dbx" (sent items in English).
I right click on it and get a new window.

#22
The changes info tab for it:

#23
And the Warning tab for it.

#24
I could go on with other examples about file changes (changed files, newly added files, deleted files).
But once you know how things work for different programs, you will be quite familiar with changes.

#25
OK, I have seen all changes.
So now it is time to exit it. I get this screen