NoVirusThanks Anti-Rootkit v1.0

Discussion in 'other anti-malware software' started by Mage, Nov 4, 2010.

Thread Status:
Not open for further replies.
  1. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    :blink:

    Your initial statement is total BS again you are misinformed, obviously unaware.

    All programs will have bugs. Whether they are serious enough to impact on use or unrelated to the intended job that it was designed to do. Over the years RkU, RootRepeal, KD... releases have been put out stable, I know I've used them as have many malware removal forums.

    RkU had its own forum and I've seen EP answer questions in many others. Before KernelMode EP_X0FF resided at a few forums such as Sysinternals for years and helped not just RkU related but development and internals, malware and their tools, kudos to EP_X0FF.

    KernelMode.info came about because of the trolling in the Sysinternals malware section. It is a place for discussing on rootkits, debugging, reverse-engineering, malware analysis, and other related topics ;) without fear of flooders and trollers. It was kindly set up by ad_13 dev of antirootkit RootRepeal. EP_X0FF (RkU ark) is a mod as is GamingMasteR (Kernel Detective ark) as are some very experienced people mods, confirmed users and members.

    You are very misinformed if you don't think there wasn't any support for those tools before KernelMode.info.

    BS. Have I ever used these tools under malware infested hostile environment?..Mage, I have two jobs I investigate live malware cases, pen test, reverse engineer software and hardware, and a part time Lecturer getting students through their computer engineering course what you're saying above is wrong and FUD as many other experienced users would agree and again the helpers at dedicated malware removal forums that use these very tools.

    As for my intentions I only came back to respond that the free version is stunted and ineffective.

    I don't want to revert any thread to a toing and froing of words like this as they quickly result in going downhill, so I will revert to not commenting unless something changes with this tool.
     
    Last edited: Nov 13, 2010
  2. Mage

    Mage Registered Member

    Joined:
    Nov 4, 2010
    Posts:
    22
    You've made far too many wrongful assumptions about my views to correct so I will basically dumb it down for you Mr. Lecturer of Computer Engineering.

    [1] All programs will have bugs, 100% agreed. It's the bug criticality that is the difference in my honest opinion. Constant BSODing is unacceptable especially after years in the making one would think and I don't want to hear the technical challenges that an anti-rootkit author faces, this tool is perfectly stable running on the same machine with the same samples.

    [2] These tools had some form of forum support with Q/A sessions prior to kernelmode.info website. I never said otherwise but that's not "dedicated" support when the support link for these Free tools changes constantly between sites, most of which ended up being canned (Ask your idol EP about his old narod site, it's been down for years!)

    [3]
    You must be delirious because only one or 2 small features are stripped from the Process tab in the Free version of NoVirusThanks Anti-Rootkit leaving intact all the other features included in their commercial product. You call that grounds for being "stunted" and "ineffective"?

    [4] If you think that other tools are better and that other programmers are more capable then by all means list comparison charts in controlled environments while running new-age rootkit samples. I have already tested over 20 samples since this tool's public inception, can't wait to share my results because it will surely surprise you.

    I think I have said enough, all you know how to do is complain without any solid shred of evidence about what you're even talking about. Quit being a troll yourself and a fellow RKU fanboy. Refer to the screen shot that NoVirusThanks posted, RKU failed to detect what appears to be 2 stealth drivers! If you trust your PC to this tool then apparently you are the one who is truly unaware. Nuff said.
     
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    I've said it before, there is no best antirootkit only an up to date tool.

    I've already said my piece and will not be goaded by comments about my job, RkU fanboys and idols (LoL) into a war of words. You are misinformed and giving out wrong statements, the facts stack up for themselves.

    Now before there's any warning I will stand by all that I've said and leave it there.

    :rolleyes:
     
  4. Mage

    Mage Registered Member

    Joined:
    Nov 4, 2010
    Posts:
    22
    Completely agreed.

    If the spreading of misinformation is a disease then I have long been vaccinated ;) I as well do not plan to comment any more about this since arguing over the internet is like winning the special olympics {...} Well, I am sure you know the rest of the expression and I don't care to be labeled as such. Happy trails and good luck in your future endeavors.
     
  5. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    5,296
    From paid to 24hr trial, to 7 days trial, (limited) free, and no trial for the paid any longer...What the hell?

    P.S. I know I know I can get the free version, but that isn't the point...the developer no longer posts here either...I guess just a flash in the pan. :rolleyes:
     


  6. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    @Tarnak

    Demo licenses have been disabled when we released the free version :)

    @

    We should release in the next week the new version 1.2 that will have a lot of new features, I made a small video preview of NVTArk that detects and removes the new Black Energy 1.2+ Rootkit:

    Detection and Removal of Black Energy 2.1+ Rootkit
    -http://www.youtube.com/v/RiIztE0IqsA?fs=1&hl=en_GB&rel=0-

    Detection and Removal of Rustock Rootkit
    -http://www.youtube.com/v/f73edHo6_30?fs=1&hl=en_GB&rel=0-

    We may open a new thread here for the new version.
     
  7. jmonge

    jmonge Registered Member

    Joined:
    Mar 20, 2008
    Posts:
    13,744
    Location:
    Canada
  8. netbook0tr

    netbook0tr Registered Member

    Joined:
    Nov 7, 2010
    Posts:
    24
    Location:
    england
  9. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    1,359
    Location:
    Italy
    NoVirusThanks Anti-Rootkit Pro v2.0 has been released:

    [Changelog] 12.01.2011

    + View Loaded Modules->Inject a New DLL
    + View Loaded Modules->Force Unload Module
    + View Loaded Modules->Reboot Delete File
    + Processes->Start new Process with DLL
    + Added Additional Right-Click Menus
    + Detection for Black Energy 2.1+ Rootkit
    + Tools->File Delete
    + Tools->Copy File
    + Tools->Copy Folder
    + Tools->File Hasher
    + Tools->Timed Remote Report + Send Log to Email
    + Tools->Send To FTP (send a file to remote FTP)
    + Use Grid Lines for ListViews
    + Optimized Processes Behavioral Analysis
    + Verify File Signature
    + Export data as HTML and CSV
    + Mark in orange possible keylogger activity in Message Hooks
    + Fixed FPs for MBR Scan
    + Global Descriptor Tables (GDT) Hooks
    + Autorun.Inf (Scan all removable devices and the system for autorun.inf)
    + Hosts File (View, edit and reset hosts file)
    + Hidden Modules (Any Hidden Modules in any Process can now be seen here)
    + Hidden Modules->Force Unload Module
    + Hidden Modules->Dump All Module Memory
    + Registry Startups (View common registry startup entries)
    + WinEvent Hooks
    + Start with Windows
    + Minimize to System Tray
    + Maximize GUI
    + Other additions and optimizations
    + Minor changes

    More details:
    http://www.novirusthanks.org/news/article/novirusthanks-anti-rootkit-pro-v2-0/
     
  10. Enrgy21

    Enrgy21 Registered Member

    Joined:
    Apr 6, 2011
    Posts:
    1
    Website (Identity hidden)

    "Here is a list of engines that can be used:
    PcTools Browser Defender, Norton SafeWeb, MyWOT, Threat Log, MalwareDomainList, hpHosts, ZeuS Tracker, Google Diagnostic, PhishTank, Project Honey Pot, ParetoLogic, Spamhaus, URIBL, Malware Patrol, SURBL, SpamCop, Finjan TrendMicro Web Reputation, Web Security Guard, AMaDa, DNS-BH, joewein.de LLC, Spamhaus, DShield.

    At end of july 2010 we have integrated a new tool URL & Link Scanner that makes use of the engine of NoVirusThanks Scanner to scan a link, provided by the user, with multiple Antivirus engines to facilitate the detection of possible malicious code such as hidden iframes and evil javascript code. It can be used also to scan remote files such as executables or PDF files. In this service we can use the following engines:
    a-squared, Avast, AVG, Avira, BitDefender, ClamAV, Comodo, Dr.Web, F-Prot, Ikarus, Kaspersky, NOD32, Panda, TrendMicro, VBA32, VirusBuster."

    All of these engines?
     
  11. crapbag

    crapbag Registered Member

    Joined:
    Mar 14, 2011
    Posts:
    145
    Had a play with it not long ago. Found it waaay too complex. NotForMeThanks :D
     
  12. andyman35

    andyman35 Registered Member

    Joined:
    Nov 2, 2007
    Posts:
    2,336