Automatic Virus Eradication & Removal Tool

Discussion in 'other anti-malware software' started by weirddemon, Oct 3, 2010.

Thread Status:
Not open for further replies.
  1. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Automatic Virus Eradication & Removal Tool - UPDATED: v1.0

    Hey everyone

    TLDR

    Virus problem? No problem! AVERT is awesome. Download this and look over this. Please remember to unzip AVERT before running

    Long version:

    I've been visiting Wilders Security Forums for the past few months, but haven't actually registered an account until today. I did so, so that I could share with the community a tool I created, in hopes that it would be useful to all of you.

    My tool is called "Automatic Virus Eradication & Removal Tool" or AVERT for short.

    I used to work for Best Buy's Geek Squad and they had an internal tool called L.A.S.E.R. I can't remember what the acronym means, but it was this amazing tool.

    It's sole purpose was to run hardware and anti-malware scans and if the customer paid for it, the tool would remove all infections found. The greatest thing about it, was that it utilized a bunch of different command line scanners to remove viruses automatically.

    The key word here, is automatically. I'm sure most of us has had family members and friends bring us their computers when they had a virus and to remove viruses, we have to run several different scanners just to make sure it's clean.

    Which means this:

    1. Install scanner one and pray it installs.
    2. Update scanner and pray it updates
    3. Run scanner
    4. Walk away
    5. Come back, realize it isn't done and come back later
    6. Repeat step five
    7. Success!
    8. Repeats steps 1 through 6 for each scanner.

    Pretty annoying, huh?

    This is almost always the exact process we use anytime a computer is already infected. Antivirus apps are awesome and most of them do a great job, but once a machine is infected, it's highly unlikely one app will completely clean it.

    So, don't you think it would be nice to have a tool like Geek Squad's L.A.S.E.R. and not pay 200 USD for each scan?

    Yeah. Me too.

    This is why I made AVERT.
    http://p1cture.me/viewer.php?file=98060288663714388098.jpg

    AVERT utilizes 7 command line scanners to fully clean an infected machine. You can choose to run 1 or all 7 scanners and then each scanner has additional options:
    http://p1cture.me/images/61484547092185191213.jpg

    AVERT also utilizes CCleaner to clean temp file locations.

    Each app used in AVERT is free and does not have to be installed. These are the steps you can take now:

    1. Run AVERT
    2. Select 'Complete Scans' & hit run
    3. Success!

    More or less anyway ;)

    This is AVERT's Order of Operation:

    1. Create temporary directories
    2. Unzip CCleaner (If applicable)
    3. Run CCleaner (If applicable)
    4. Unzip scanners
    5. Update signatures for selected scanners
    6. Run scans
    7. Log results

    The logs are kept on the machine and you can use AVERT later to view the logs to see how many infections were found for each scanner and how many infections each scanner removed. The totals for all are also shown.
    http://p1cture.me/images/39294102105388800064.jpg

    AVERT is supposed to make our jobs easier and free. At the moment, I am uploading AVERT and once it has been uploaded, I'll post the link here. The entire package is somewhere around ~300MB. That's not an ideal size, but you'll only have to download it once. Once you download the ZIP file, AVERT can be extracted and you'll have one folder name AVERT that contains all of the necessary files. Anytime AVERT needs updating, you'll just have to replace the executable.

    Please read before downloading

    AVERT is free, but what I'm releasing it still in the testing phase. I've successfully tested it on a Windows XP, Windows 7 & and Windows Vista machine. But, everyone's setup is different and I need feedback to make sure this tool works perfectly. If you encounter any problems, please take a screenshot and post it back with a description of the issue and if possible, your DirectX file.

    The logging feature for AVERT is not yet perfect and will take some time to finish it up.

    All of the scanners in AVERT are free, but there are two exceptions. 1. Panda does not provide free signatures. AVERT does include some signatures, but for the latest signatures, you'll need to purchase a license, any license, from Panda and save your credentials in the settings window. 2. AviraAntivir command line scanner is also free, but you need to purchase a license in order to use it. In Avira's directory, you'll find a license file (HBEDV.KEY). You'll need to put this file in the AviraAntivir command line zip file (\AVERT\Scanners\AviraAntivir\scancl.zip).

    I think that's it! Using AVERT is super easy, but if you have any questions or problems, please let me know.

    Thanks!

    Download AVERT v1.0 and look over this. Please remember to unzip AVERT before running
     
    Last edited: Oct 8, 2010
  2. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    This is really great weirddemon!

    Recently I have been looking for a program or front end to allow you to run multi-engines at the same time and do more in less time.

    I'm a Tech and cleaning infected boxes is a big part of my job.

    If I may make a suggestion right from the start, I personally would only place in it free engines to use, then create one if you like for paid engines. Unless there aren't many free ones you can use?

    Also something that would really be awesome is if you could make this more of a front end, so the end-user can install into the Avert directory their own AV apps of choice and then load them into the Window and check mark to use them, this way it would be really customizable. After all, everyone has their own likes and dislikes. I'd really love it if I could install the engines of choice I like and use, but do the AV apps need to have a cmd line option in order for this to work?

    THANKS
     
  3. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Thanks for the feedback already, DasFox. I hope AVERT can assist your needs when you get a chance to run it. The upload should finish within an hour or so. The upload is always slower than the download ;)

    Of the 7 free engines, only AviraAntivir can't be used without paying for it. Panda has allowed me to include a batch of signatures with it so it can be used, but regular updates have to be paid for. Also, Avira is small and won't affect the download size by more than a few MBs. Other than that, not paying for it won't affect the usage either way.

    As for a front end, I think I can make that work. But, I would have to make so that it could only support a set number of scanners since the scanner must have a command line option. Which would take some time, but may or may not be possible. There are a ton of paid apps that have a command line scanner and can only be used if you pay for it, but often requires installation. That isn't always the case though. McAfee has an awesome command line that doesn't need to be installed, but MalwareBytes also has an awesome one that can only be used when installed.

    I'll look into it and see what I can work out.

    Thanks
     
  4. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
  5. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Ah. I see. I'll look into what makes those tick ;)

    What made you not want to use those two applications? I understand the latter one is super expensive and is only and SDK. But what's wrong with the first?

    I only ask, so that I can make sure AVERT fits yours and everyone else's needs perfectly :)
     
  6. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    Well for starters it said in the post for the first one that it's buggy and there is no link to download it at.

    I get the feeling it's a dead project, so maybe you can pick up the pieces and improve it or learn from it, if needed...

    THANKS
     
  7. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    This is simular to the first Hitman Pro (which was very popular in the Netherlands). It downloaded all freeware AV/Spyware software and made you PC scan. Now Hitman Pro has moved on to an in the cload approach, it is fun to see DasFox respond (hey this is what I do, great)

    :thumb:
     
  8. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Thanks again for the feedback. I've edited my first post to include the download link now that the upload has finished.

    Please give me all of your suggestions so I can make the best app I can. If there are any other free command line scanners you all want included, please let me know and I'll work on it.

    I've scoured the internet and thought I had found them all because I've spent a great deal of time doing so. But, even just today I found VBA32. So I'll include that one once I get some time.

    Thanks again!
     
  9. Sherlock_Holmes

    Sherlock_Holmes Registered Member

    Joined:
    Mar 21, 2010
    Posts:
    1,448
    Location:
    Mumbai
    Whats the advantage of a command line scanner over a normal scanner ?
     
  10. andylau

    andylau Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    679
    What I know is :
    -Portable
    -Would not write anything to registry
    -Without conflict with other AVs
    -Usually smaller in size
    -Usually more parameters/options you can set
    -Most of them are free
     
  11. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Looks like a good list to me ;)

    And in the case of AVERT, the only way to automate these tasks, is to be able to run command line apps that can have arguments passed to them. Other Av/As apps don't accept arguments and aren't portable.
     
  12. Sherlock_Holmes

    Sherlock_Holmes Registered Member

    Joined:
    Mar 21, 2010
    Posts:
    1,448
    Location:
    Mumbai
    Looks great .. will have to find an infected pc to test avert
     
  13. andylau

    andylau Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    679
    That's why I put command line scanners to my USB instead of GUI-Based AVs.:D
     
  14. Nek

    Nek Registered Member

    Joined:
    Apr 3, 2008
    Posts:
    25
    Don't intend to be a party pooper, but isn't this one of the biggest pitfalls of anti-malware tools? Did you factor in the risks of false positives?

    I haven't seen reputable malware removal sites i.e. bleepingcomputer.com that recommend automatic removal.
     
  15. andylau

    andylau Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    679
    If you have a virtual machine, you can simply test it in e.g. VirtualBox or VMWare.
     
  16. andylau

    andylau Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    679
    That is also what I concern.
    How about put the infected files to quarantine or move the infected files to a folder instead of delete them directly?
     
  17. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Hm... I'm fairly certain I'm using only clean or quarantine parameters, not delete. Surely that is safe, right?
     
  18. Sherlock_Holmes

    Sherlock_Holmes Registered Member

    Joined:
    Mar 21, 2010
    Posts:
    1,448
    Location:
    Mumbai
    I have vmware but dont have enuf malware to test it ... and downloading malware from mdl one link after one link will be time consuming

    and i have one more question
    will this avert be more effective than boot cds like avira rescue system
    i know avert uses more av engines but one will operate in linux os and dis one in d infected os
     
  19. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    No go in an XP VM and stops working in a Win 7 VM.

    XP.JPG

    7.JPG
     
  20. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    I used the Eicar test virus. And as for its effectiveness versus PEs, it's hard to say. PEs are used if you're not able to boot into the OS or not able to access normal or safe mode and actually run apps. In that case, you'd want to run a PE and once you can get into the OS, run AVERT to make sure everything is good to go. However, I do plan on trying to make a custom Preinstallation Environment that AVERT can run in

    It only didn't work in the VMs? What were you doing when AVERT crashed?

    I tested on my Vista and Windows 7 computer along with an XP VM

    *Edit

    Wait... I forgot to mention that you have to have the .NET Framework 2.0 installed. Since almost all PCs do, it slipped my mind :p
     
    Last edited: Oct 4, 2010
  21. andylau

    andylau Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    679
    The clean parameter in some command line scanners will delete files if it cannot clean/disinfect the files, or some will delete directly.
    So, you should test that only clean parameter to see whether it will delete files or not. As for Avira, you may test for "--defaultaction=move --quarantine=path"

    As for the signatures update link, Trend Micro and Sophos' are not unique links, so it cannot get the latest updates when there have other newer updates.
    The new signatures link for Avira is --http://dl.antivir.de/package/fusebundle/win32/int/vdf_fusebundle.zip--

    One more thing to inform you, your Panda package is a bit old, the latest version is 10.x, you may download again by using the official link in Panda's blog.
     
  22. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Please do not make this to automatically delete, because like Nek said, False Positives, so I hope you'll make an option to just Quarantine and if found to be False, then to be able to put back...

    Oh I thought a lot of the GUI AV Apps also come with a cmd line option built in?

    So we are talking about AV apps that are just cmd line only, no gui part involved?


    THANKS
     
  23. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    I'm still checking into the clean parameters to see what each app does. I know that some of the signature update links can change. This is why there is a signatures.xml file located within the same directory as the executable. It's best not to open this directly, but if AVERT cannot update signatures, then you should change the download URL from within AVERT. When you open AVERT, you'll see a gear in the bottom left corner. Click it and you will be able to change the download URL

    http://p1cture.me/images/66397190531498365771.jpg

    I decided not to hard code the URLs when I realized Trend Micro wasn't updating because they change the URL. All you have to do is go to there site and copy and paste the new URL into AVERT so it will use the new URL when you run scans.

    Also, can you link the latest Panda Command Line Scanner? When I looked for pavcl, the one I'm using is the latest one I could find, from the blog.

    I'll still have to find out the behaviors of each scanner. If they don't all jump to delete if it cannot be cleaned, then we'll be okay. Otherwise, I'll try to quarantine all of them.

    As for the GUI apps, a lot of them do have command line options built in. But, they also have to be installed. In most cases anyway. Trend Micro's SysClean is a GUI app, but can also be used as a command line and is still portable. If there's a scanner you have in mind, please let me know and I'll see if I can automate it with AVERT.

    Thanks again for the info guys. I'm going to put together a read-me soon. This should help a little bit ;)
     
    Last edited: Oct 4, 2010
  24. andylau

    andylau Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    679
    weirddemon,

    Panda link : --http://research.pandasecurity.com/blogs/images/pavcl.zip--
    Also you can download VIPRE by using wget -O "PATH\VIPRE.exe" "http://live.sunbeltsoftware.com/Download/" , then it can update(maybe better to say re-download).

    Not many GUI-based scanners have "working" parameters that can do what pure command line scanners do.
     
    Last edited: Oct 4, 2010
  25. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Dr web Cure it Command Line

    Norman Malware Cleaner

    Kaspersky has the KAV AVP Tool very big though 65+MB

    Maybe have a folder that you can add builds that expire and right click add to AVERT or if AVERT can read the folder and add the file to the list.

    Comodo
    Comodo Command Line Options

    Bit Defender Command Line Freeware
    BitDefender Free Edition v10 for the command-line utility(bdc.exe). More information regarding parameter

    Usage can be gathered at the BitDefender forums (http://forum.bitdefender.com/) or by typing the bdc /? command when using the command-line utility.
    http://ubcd4win.com/forum/index.php?showtopic=1785
    http://kb.bitdefender.com/KB151

    Microsoft Security Essentials Command Line

    MpCmdRun.exe -Scan [-ScanType]

    * 0 Default, according to your configuration
    * 1 Quick scan
    * 2 Full system scan

    Example usage:

    Full scan: MpCmdRun.exe -Scan -2

    MpCmdRun.exe -SignatureUpdate

    McAfee Command Line Scanner
    Page doesn't say if it is free or paid.
     
Loading...
Thread Status:
Not open for further replies.