NoVirusThanks Anti-Rootkit v1.0

CloneRanger, thank you for the feedback

We'll add that option

Probably because it's not a full pathname

 

novirusthanks , what interest is there in a paid ark, yes you could make money but not in this incarnation.

edit : ep_x0ff spells it out well at kernelmode.info http://www.kernelmode.info/forum/viewtopic.php?f=11&t=436

 

Meriadoc I do not agree with what ep_x0ff wrote. Our ARK is not a "simple paid standalone software" and I do not think that all ARKs must be free. We offer to our users a stable anti-rootkit software, vast detection range, official support for 4 major NT operating systems, free technical support, frequent updates. Also please take in mind this is the very first version 1.0 of the product, we have plenty of features to add. We will extend the trial period to 7 days later today.

 

Relative, quick scan gives me BSOD sometimes. Good luck on NVT.

 

Odd. I have been using NoVirusThanks Rootkit since I announced the trial and I have found it very stable even with quick report mode. What stop error are you getting and do you have a mini dump? I have tested many samples that they don't even list and it's detected all but 1 I must say, tested 13 so far and 1 of which is not ITW and RKU and Kernel Detective failed to detect the rootkit presence completely!

If anyone wants screen shots I can upload to fileshare. I have yet to encounter any usermode access violation or system BSOD with this antirootkit. I will be on standby if needed. So far I am definitely impressed

Meriadoc what OS are you running and is it in a virtual machine? I have tested in vm mode and 2 native systems.

 

Not odd at all, with certain situations and testing techniques I'm pretty sure I've found a few bugs, I've pretty much fuzzed the hell out of it in a short time. Saying that as NVT ark stands atm my stance is pretty clear, as all comments good or bad are promoting, this will be my last public discussion - I will wait to see what NVT ark turns into which may then change my viewpoint.

edit : edited post 27 to include kernelmode.info link

 

Sample is coming,Black Energy 2.1

NVTArk miss it

 

There are lots of anti rootkit tools more powerful and free

below is NoVirusThanks Anti-Rootkit scan report

 

egomoo, appreciated your test, did you rebooted when you first ran the ark and did you tried also the "Drivers"->"Hardcore Scan" option ? I tried the sample GootKit 2.1 and it is detected correctly, see the attached image:

 

WTF. I've been uploading malware to:
http://scanner2.novirusthanks.org/
For a long while now, they want me to collect the malware for them (do their work) and pay!?

Here's a pun, Nothanks.




EDIT:: I wonder what other Antivirus companies think of this.... Their using other companies scanners to do the work.

 

The sample is from kernelmode.info,the temp.rar you could download it from there.

There is a file named DATEA0B.tmp.exe in the rar.

I reboot,and now retest by using "Hardcore Scan",but also failed.

 

Quick test KAV IS 2010 + MBAM + SpyBot + PEGuard + NvtAntiRootkit = no conflicts = good

VM (rootkit) + RootkitUnHooker + NvtAntiRootkit = good

http://img221.imageshack.us/img221/9329/22rootkit.jpg

24/hour trial is very limited, extend it ?

 

Interesting screen shot and I noticed rootkitunhooker not detecting either 2 stealth driver sample(s)? I take it there is more than 1 in that image What sample was this I have not tested rootkitunhooker with much lately because it is too unstable especially running on a native system while running in unison with VMWare in the background, it always locks up the native OS when running VMWare in the background upon the anti-rootkit loading. The dialogue always says "Wait few seconds... Initializing" but never actually initializes in this case (with VMWare running separately). I need to file a bug report I guess with the author somehow.

Nonetheless, good job. Look forward to you furthering the anti-rootkit even if it is pay-for

 

We have released a free version (personal use only) of the ark, you can read comparison table and download the setup file from the product page:

http://www.novirusthanks.org/products/novirusthanks-anti-rootkit/

 

Thanks for letting us know

Unfortunately the free version is stunted.

I understand the others but these are omitted from the free version

 

Meriadoc, we've just released version 1.1.0.0, free version has now enabled "Stealth IRP Hooks" and "Master Boot Record (MBR) Analysis", it misses only "Smart Process Termination + Delete File" and "Reboot Delete File" in Processes right-click menu

 

Why?..some important features missing imo, o' I suppose it keeps NVT discussed,..so tomorrow you will tell me they've been added?

Terminate or a Forced Kill, Delete and Wipe should be included, mandatory!

NAT

 

Meriadoc No intention to keep NVT discussed, just wanted to notify about updated version, we have no plans for now to update the free version No need for you to reply here if not strictly necessary

 

I apologize for the loaded question (knowing the answer) but what use is this ark without those missing strictly necessary features.

 

Well from Totally paid, to 1 day trial, to 7 days & then limited Free & now even less limited Free, i say at least they do listen and act quickly to requests etc

As they are obviously hoping to be a paid app & try and make a living from it, or partially to some extent anyway, i don't think we can expect them to give the full version away, i mean would you if it were your business !

So for what you've offered so far for free, & not forgetting the other things you already provide for free too

Someone has to help pay the bills, bandwith etc isn't free

 

Leaving those out makes the free version pretty ineffective.

 

Personally the ark would be free not shareware. For NVT it would be different if the tech was a part of something else but as for a stand-alone tool that offers less or no improvements over existing technical knowledge, yes of course it would be free.

Frankly EP hit the nail on the head in his last post about it

 

I think EP hit the nail on the head after missing quite a few times User NoVirusThanks is only asking for payment for their commercial version and it pays into user support, frequent updates and things of this nature from what I can see. I don't see anything morally or ethically wrong with charging a small amount for these luxuries, don't you pay for at least one security software? Most people do you know, not everything is always free regardless of free alternatives. They're not all carved out of the same stone. Where is the real user support for existing antirootkits? Where is the frequent updates or program stability, OS compatibility etc?

I think the fact that NoVirusThanks is actually listening to people on this forum and implementing requests in a timely manner is fantastic.

 

At first there was just a commerical antirootkit program. Now, there is also a stunted free version...

As for EP's posts he's spot on.

You are uninformed The antirootkit developers for example that reside at KernelMode.info have always offered free support and kept their tools up to date...and stable.
Wether it was at their own forum, Sysinternal's forum or many other places...and now KernelMode.info.

 

Meriadoc:

KernelMode.info has only been in existence since early April of this year, some of these antirootkits have been around for many years. That site is also mainly a security information sharing forum. If you read posts there or even on other forums (Google search) the majority of these Free tools are littered with bugs, crashes, blue screens etc. I think you are misinformed to tell me how stable these tools are when their track record says the complete opposite

Have you ever tried running these tools under a malware infested hostile environment? Most of these tools do not even run correctly, report information correctly and some do not even run at all! I have a large archive of nothing but crash reports for these tools but instead of offer product names I will digress as I would not want to single out any particular author or product as this would be unclassy and distasteful.

Quoting the "NoVirusThanks Anti-Rootkit" Help File...

How can that statement even be challenged? Rhetorical. Product stability, frequent updates, and a rich feature set coupled with "dedicated" user support are worthy selling points for what I would suspect would be the majority of end users

You have made it blatantly obvious that you do not care for pay-for antirootkit software and this would be your sole motive to continue to post in this thread it seems, this is fine and you are entitled to your own opinion of course but if you don't like it do not use it. The author has made provisions and catered to your concerns by creating a very fair Free version of this antirootkit for the public. What else can they possibly do to earn your gratitude for at least listening to you?