Automatic Virus Eradication & Removal Tool

Discussion in 'other anti-malware software' started by weirddemon, Oct 3, 2010.

Thread Status:
Not open for further replies.
  1. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    WoOt there ya go, in no time you're going to be in the ranks of MAB, SAS, Hitman, etc...

    Look out gang Avert is coming to town!

    weirddemon, something else that came to mind, is there a way eventually you might be able to create an Avert boot rescue CD?

    Also I forgot if I mentioned if you might be able to make Avert also with a 'Front End' ability so you can plug in/add any AV CLI scanner of choice?


    THANKS
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,738
    SARDU can incorporate multiple AV rescue discs.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,978
    @ weirddemon

    Don't know if this one has been mentioned ? but as i just saw the following, i thought i'd post it just in case you might be able to incorporate it :thumb:

     
  4. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Thanks, CloneRanger. I had not seen that and I don't believe it has been mentioned.

    I'll look into it. If that looks good, then it looks like I will eventually be able to add 3 more scanners as soon as I get time. As you can imagine, adding more scanners is quite time consuming.

    There are a couple of different methods I can use and I'm currently researching everything to determine how to best move forward with a pre-installation disk.

    As for the front end, I was thinking more about it and I'm not sure that it would be beneficial. Because, if you think about it, I do have and will eventually have pretty much every free CLI scanner into AVERT. I could add support for paid scanners, but I wouldn't need to make a front end for it and other CLIs would be pointless, because they would need to be installed on that machine.

    Also, DasFox, you PMed me about some issues you were having with AVERT and I'd like to quote them and answer them here, so that if anyone else is confused or having these issues they would benefit from my responses as well.

    1. You're concerned about the CLIs showing and would like to have just one interface to view what is happening. I could easily do this with just one line of code, but chose not to for these reasons:
    a. If I did this, the user would not be able to cancel that scan. Let's say, the user chose 3 scanners and wanted to cancel the second one, for whatever reason, they wouldn't be able to if the GUI wasn't visible.
    b. Without seeing the GUIs of the CLIs, the user does not know at what point the CLI is in its scanning, and I have no way of getting that info from the scanners. However, if it's really that important, I could add an option to show or not show the scanner GUIs.

    Issue two is accompanied with the following info from DasFox:

    2. So, the issue here is just learning how the app works, and I could do a better job and make some documentation for it, which I think I will soon. I'll make it a top priority.

    Okay. So what you're doing is opening AVERT, choosing "Quick Scans" and hitting start. You want to be able to choose which scanners you want to run and you don't think that the "Not Installed" message should be there.

    It's there, because it's telling you the issue. You chose to run Asquared and ClamWin, but you don't have them downloaded. When you get a chance, please check out my FAQ section of my website.

    From avertsoftware.com/faqs.html:

    So first, click this, which shows you how to download whichever scanners you want to use. If they're not downloaded, you obviously can't use them.

    Then, to choose which scanners you want to use when scanning, select "Custom" from the drop down box instead of "Quick." The three top options in the drop down box are just quick options to choose, but you can customize them by selecting it. If the scanner is highlighted red, it hasn't been downloaded and that message you receive lets you know that so you can download it.

    3. As for the multi scan engine like Hitman Pro, I'm not sure what you're getting at. AVERT is just a GUI that uses multiple scanners to make our jobs easier. Eventually, I'll add some additional features, but AVERT is not trying to be an anti-malware app itself.

    Does that help clear up things?
     
  5. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    BTW, not sure if this question is asked but i'm lazy to check so many posts xDD

    So, when I scan my PC with AVERT with, let's say, all the 7 engines . . . are all those engines using the default scan settings of each engine? Or are they all maxed out? (Heuristics, sensitivity etc.)
    I'm asking because software like Avira, EAM and probably others which I don't know, come with some options unchecked (Such as EAM, no heuristics, riskware etc.) :D
     
  6. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Well, it depends. If you choose the "Complete" option, then yes, all the scanners will do everything they can.

    But, if you choose custom, you can select all 7, but choose if you want each scanner to do thorough scanning, blended, or minimal.

    Take a look at this screenshot.
     
  7. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    So if I choose complete, scanners such as Avira, whose heuristics default is the middle one, will be set to the highest? (I just used Avira, actually I'm talking about all engines.)
    BTW awesome work man, still haven't been able to test it, but I will surely have one in my tool chest that I use quite often to clean infected PCs. I'll give you my feedback if I use it :D :thumb:
     
  8. andylau

    andylau Registered Member

    Joined:
    Jan 27, 2006
    Posts:
    698
    If you want to use what parameter options you want, you can just use the CLI directly by creating a batch file to run.
     
  9. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    I think you're getting confused, Noob. On the main screen, when you see "Complete Scans, Balanced Scans, Quick Scan and Custom Scans", you're only seeing options that set predefined scanners. So, complete chooses all scanners at maximum values and quick chooses just 3 at minimal values.

    So, those don't really determine which arguments the scanners take. If you choose custom and select the scanner, you'll see three radio buttons:

    -Thorough
    -Blended
    -Minimal

    Thorough uses all arguments, Blended uses enough to give a decent scanning but won't take as long as Thorough, and Minimal is just enough to run the scanner.

    That beats the point of AVERT and I believe Noob was only asking for informational purposes.
     
  10. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    i think i got it :D :thumb:
     
  11. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    A.V.E.R.T. Software - ARES Corporation
    Maybe you want to rethink the name? :D
     
  12. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Searching___, why are you trying so hard to make me change the name of my software? This is your second attempt at doing so.

    I'm fully aware of that software. But, like I told you before, infringement is generally only when customers believe that the infringer's products are that of the infringed.

    Which is why I can't register Macrosoft as a company or Apples.

    Let me worry about potential legal issues. I'll change the name if a C&D is brought forth and not a second before.
     
  13. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    You must have me confused with somebody else. I've never mentioned this before as I just found this while googling for your tools.
    https://www.wilderssecurity.com/showpost.php?p=1761330&postcount=25
    https://www.wilderssecurity.com/showpost.php?p=1761558&postcount=27
    https://www.wilderssecurity.com/showpost.php?p=1763889&postcount=77
    https://www.wilderssecurity.com/showpost.php?p=1765678&postcount=96
    2/5 Posts were offering positive suggestions, 2/5 asking for a change from .NET, Not once suggesting a name change until the 5th post.

    It was in jest really, not to cause serious trouble, I'm a pot stirrer sometimes. I apologize for any offence I have caused.

    I broke down and installed dotnet to give your program a try and give my impressions of it.
    As it turns out, I have an opinion that doesn't involve a name change. :D

    Google says hxxp://avertsoftware.com as opposed to hxxp://www.avertsoftware.com
     
  14. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Hm... could have sworn that was you... but okay. Sorry for that then.

    Not when I Googled it. It was on the second page when I Googled it, but it had the www.

    Also, I'm getting ready to release AVERT 2.0 here soon. So if anyone has any more suggestions they'd like me to add, please let me know soon so I can put them in before it's released.

    I'm using a bunch of suggestions from the suggestions post I made here on individual tools and I'm fixing up a couple of things as well as adding some other features.

    Thanks again for the support, guys.
     
  15. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    Ok so here's the problem I saw and then a bug I encountered.

    With all the scan choices it made sense to me that no matter what you picked, in this example I picked 'Quick', I should get a chance to pick and choose all the scanners I want to use for a Quick scan but I didn't, wasn't I supposed to?

    Ok so then, maybe in the 'Install Tool' section I should have been able to do this? Ok guess what, when I clicked it, it didn't do anything... :(

    So that's why I was saying to you before that when I did a Quick scan I had no options for anything other than Vipre being used and that was it...


    THANKS
     
  16. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Let's say you chose, "Quick Scans" and then customized it to do Thorough Trend Micro scans, which can take about 2 hours. How is that quick?

    The problem is that you're misunderstanding how it works. The reason I made those first three options, Complete, Balanced, and Quick, was just so that you could have a simple method of selecting a predefined setup. If you want to customize quick scans, then it no longer becomes quick scans. It's custom. Which is why you choose Quick Scans.

    The way I set up Complete, Balanced, and Quick scans was this:

    Complete - Uses all scanners and sets options to maximum
    Balanced - Uses a core scanner and a couple of other scanners to provide quicker scanning, but still blended
    Quick - Uses 3 quick scans, more for a preliminary scan than anything else.

    If you chose any of these options, say Balanced, and then choose Custom right after, you'll see that Asquared, Trend Micro, and ClamWin are checked. Minimal Asquared scans, ClamWin Blended and Trend Micro Blended scans are used.

    So, do you see what I mean now? You can choose quick and then select custom to choose additional scanners or remove scanners, but Quick, Balanced, and Complete scans are nothing more than words.

    You're making this harder than it needs to be. Just decide which scanners you want, go to the Install Tool, download the scanners you want to use, once AVERT restarts, select "Custom Scanners" and then choose the scanners you want to run.
     
  17. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
  18. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,491
    WOW nice a video of your tool in action!!
    Looks very very good IMO!! :thumb: :D
    Keep up the AWESOME work !
     
  19. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    First Impressions of AVERT Scanner Tool

    1. .NET - I have no programs installed that require .NET and have always excluded it from updates.
    I have a vista image CD from Toshiba-2007 that does not have .NET but does include Wildtangent. :eek:
    2. Downloading AV's - While downloading I was required to renew each instance of WGET with my HIPS; Can't you chain the AV downloads into a single WGET? These downloads are all coming through a single IP so should be possible, I know updates are different coming from each AV site.
    3. After Downloading AV's - Avira, the last to download at 465 kb, after completing caused an error that I was unable to get a screen shot of because the windows closed leaving me with only the MS "Check the Internet or Close the program" box.
    Your program should be able to produce a minidump at least during testing phase so you don't have to rely on inconsistent sources for program behavior issues.
    4. After Downloads - There was no confirmation window to affirm my downloads have been loaded and ready to go.
    5. After Clicking Run Scans - I was not presented with any screen about what AV's are available or being used.
    6. All information notifications should occur inside the AVERT program window, remaining present or minimized, exception being CLI executions.
    7. Scans: A2squared scan went well, Clamwin in the middle of the scan wants to connect out to internet on 165.254.6.83, Trend Micro found Nmap 5.35 (nping.exe) to be a virus as well as tdsskiller.zip (Cryp_Xed-16), Trend Micro Antispyware Antirootkit initialization failed (maybe HIPS interfered), Vipre could not enable rootkit engine, other scans went fine as far as I could tell while sleeping since there are no individual reports I have no real idea, no Avira scan.
    8. Reports - I like the summary but I was hoping that after scanning all of the engines would send a scan report to a single folder in the AVERT directory. When getting help some forums may want to see an AV's report. Specific information like the fact that antirootkit engines didn't run can be useful to them.
    9. Should I disable HIPS while running scans?
    10. Maybe a mention that scans can take a while, in my case 14 hours and still no Avira. :eek:
    Some type of heads up warning about time involved will prevent people from becoming annoyed by the inconvenience of not being able to plan.
    11. Returning to the tools section to re-download Avira and it is grayed out. If it was a bad install, there is no way to fix through your program, your program assumes the complete program is present. I'm sure deleting a file somewhere would re-enable the grayed out selection for Avira.
    12. What are the MD5 and SHA1 sums for your downloads?

    What I see, my overall impression, is a lack of information that can be perceived as a negative and I was amazed at the amount of time required to complete.
     
  20. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127

    WGET launches anew each time because it's the easiest way to update the scanners. I'm going to guess that a lot of your issues relate to HIPS. Can you try disabling it just to see if things move along a little smoother?

    What showed the error? WGET? Avira? AVERT? Windows?

    On the install page, there's a line that reads:

    I suppose I could add in a prompt. I hate using prompt, because I want AVERT to be as automatic as possible. But, I guess one prompt here won't slow anything down.

    Hm... I'm not sure what you mean... but you want a page before the scans begin that goes over the settings you've chosen? After you download the scanners, select "Custom Scans" from the AVERT Scans' Configuration drop down box and you'll be able to choose which specific scanners are being used, their configuration, and which are installed.

    And during the scans, there's a white box in the top left corner of the screen that tells you what AVERT is doing, when it's doing it, including the scans and what configuration you've chosen.

    The reports are created, but I just delete them along with the rest of the temp files after I pull the info I need. But, I agree, it could be important to have those logs, so I'll work on keeping them on the machine.

    Also, do you think it would be beneficial to be able to save the report and settings page in case it's needed later?

    Yeah. Given the fact that a typical complete scan takes 2 hours or so and you ran all 7 scanners at maximum, it makes sense it took 14 hours. But, I can add in some information about estimates to, "Complete Scans", "Balanced Scans", and "Quick Scans."

    I'll need to know what caused the issue in order to fix the underlying cause and not just make a band-aid. But, if you delete the Avira zip and restart AVERT, you'll be able to re-download it. But remember, Avira can't be used without a key file.

    I don't have any hashes at the moment, but for security purposes, I can set one up.

    I appreciate the feedback, but did you read all of the text in the different areas of AVERT? Generally, any information that you need to know about that section has text that explains what is going on or has a blue "?" button that provides additional information. And, as for the time, like I mentioned, running 7 scanners with "Thorough" selected for each, will take the longest. But, like I mentioned earlier, I'll provide time estimates based on testing in the future.

    Thanks again :D
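
The hash question raised in item 12 of the previous post and answered in this reply, as an added example that is not part of the thread or of AVERT's own code: a check that compares each downloaded scanner archive against a published manifest before anything is unpacked or run. It uses SHA-256 rather than the MD5/SHA1 sums asked about; the sha256sum-style manifest format and all file names are assumptions constructed for illustration.

```python
# Added example: manifest format and file names are assumptions, not AVERT's.
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=65536):
    """Hash in chunks so large scanner archives are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex digest>  <file name>') into {name: digest}."""
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"manifest line {lineno}: expected '<digest>  <name>'")
        digest, name = parts[0].lower(), parts[1].strip()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"manifest line {lineno}: not a SHA-256 digest")
        # Bare file names only, so an entry cannot point outside the download folder.
        if "/" in name or "\\" in name or name in (".", ".."):
            raise ValueError(f"manifest line {lineno}: file name must not contain a path")
        expected[name] = digest
    return expected


def verify_downloads(folder, expected):
    """Return {file name: 'ok' | 'mismatch' | 'missing' | 'unlisted'}."""
    folder = Path(folder)
    results = {}
    for name, digest in expected.items():
        path = folder / name
        if not path.is_file():
            results[name] = "missing"
        elif hmac.compare_digest(sha256_file(path), digest):
            results[name] = "ok"
        else:
            results[name] = "mismatch"
    # A file that is present but not listed has no trusted hash to compare against.
    for path in folder.iterdir():
        if path.is_file() and path.name not in expected:
            results[path.name] = "unlisted"
    return results


def demo():
    """Constructed sample: fake scanner archives, one altered after the manifest was written."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "scanner_a.zip").write_bytes(b"constructed archive A")
        (folder / "scanner_b.zip").write_bytes(b"constructed archive B")
        lines = [f"{sha256_file(folder / n)}  {n}" for n in ("scanner_a.zip", "scanner_b.zip")]
        lines.append(f"{hashlib.sha256(b'never downloaded').hexdigest()}  scanner_c.zip")
        (folder / "scanner_b.zip").write_bytes(b"altered archive B")
        (folder / "extra.exe").write_bytes(b"not in the manifest")
        return verify_downloads(folder, parse_manifest("\n".join(lines)))


if __name__ == "__main__":
    print(demo())
```

The check only helps if the manifest is obtained over a channel the downloads themselves cannot alter, for example HTTPS from the publisher's site or a signed file.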
     
  21. 1000db

    1000db Registered Member

    Joined:
    Jan 9, 2009
    Posts:
    718
    Location:
    Missouri
    Since this tool is meant to be used on an infected machine what about exe killing malware? What I mean is how will AVERT run on a machine that blocks the execution of exe's and such. Can you do something like Hitman Pro that kills all non-OS processes before a scan? Or maybe offer AVERT in alternative executable types such as .pif, .scr, or .com similar to how RKILL works? I like where this tool is going however, it seems useful. :thumb:
     
  22. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Thanks again for all the feedback guys. I've listened to your suggestions and have added a bunch of fixes and features:

    Please see the change log here, for version 2.0

    The AVERT package on the download page will be updated, but you won't need to download the entire package. Just select update from within AVERT and it will take care of the rest.

    Thanks!
     
  23. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    I am working on making a Preinstallation Environment disk so that scans can be run offline, but nothing at the moment.

    As for the other suggestions, nothing at the moment, but that definitely seems intriguing and I'll look into it.

    Thanks for the info.
     
  24. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    I just wanted to add a couple of things I'm working on for AVERT.

    First, though I've mentioned a PE disk a couple of times, it's not a top priority at the moment, but I am working on it.

    Second, there are two main features I'm looking to add soon. I want to add the ability to utilize scanners that have CLIs and that are already installed. Like Norton, MBAM (hopefully), etc. And the next, is the ability to use AVERT even if malware is stopping executables from running. This idea came from 1000db at post 121. It's a great idea :D

    Also, I'd like to mention that MajorGeeks has decided to host AVERT on their website and for that I am extremely grateful. AVERT has been uploaded for less than 3 hours, at the time of this posting, and has already been downloaded 146 times with a rating of 4.33.

    If you like AVERT, please visit MajorGeeks at this link and vote for it.

    One last thing, along with my how to video, I created a how to page, so you can see the initial steps needed to run AVERT. You can take a look at the video from the download page which also has a link to the how to. But, the how to can be seen at this direct link.

    Thanks again, guys!
     
  25. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    I've updated AVERT to 2.1. I've fixed a bunch of small bugs and added a couple of things. The biggest change, is the addition of installed scanners. AVERT now supports select scanners that the user has installed.

    This means that if any of the scanners on the list are already installed on the PC AVERT is being used on, the user can then use that scanner with the others.

    For now, the only supported scanner is AVG. As you all can imagine, adding additional scanners is time consuming. It usually takes several hours to code it in, test it on various systems and then fix any bugs that occur. So, I'll be adding support for more as I get time.

    If there are any requests for specific scanners, please let me know.

    Installed scanners work just the same as portable ones. Just select "Custom Scans" from the AVERT Scans configurations drop down box. In this window, you'll see two tabs. One for portable scanners and the other for installed scanners. If any of those scanners are installed, its back color will be white. Just select it, hit okay, and click Run Scans.

    Thanks

    http://p1cture.me/images/54515521122832502813.jpg
     