AVERT tool suggestions?

Discussion in 'other anti-malware software' started by weirddemon, Oct 12, 2010.

Thread Status:
Not open for further replies.
  1. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    As many of you know, I released a free tool a little while ago called AVERT. You can view this tool at my website here or the WSF post here.

    I've received some decent feedback so far and there haven't been a whole lot of issues, which is great. So, I wanted to expand on the tool a little bit more to help advanced users fix additional issues caused by viruses.

    Which is why I'm here :D

    I'd like everyone's suggestions about what type of individual tools would be useful in this regard.

    I'll give a couple of examples. When viruses infect a machine, they often screw with internal settings that stay even when the virus has been removed. Two specific things I can think of off the top of my head are IE proxy settings and the Windows hosts file.

    So, two of the first individual fixes I plan to implement are the ability to automatically reset IE proxy settings and the ability to reset the Windows hosts file.

    So, any other ideas?

    Thanks
     
  2. tk55

    tk55 Registered Member

    Joined:
    Apr 18, 2009
    Posts:
    63
    To me the most troublesome is trying to get the Windows Firewall service and Windows Security Centre to work properly again. So far I'd failed 100% and had to reinstall Windows. It would be great if your software can fix that automatically :)
     
  3. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    I said this before, but maybe adding more "manual" tools. I'm not sure if you're familiar with AutoIt, but maybe it can be configured to download, install and run tools like mbam, Kaspersky Virus Removal Tool, SUPERAntiSpyware. It would greatly increase the strength of the scanners as well.

    Also, you can incorporate fixes as the previous poster stated, kinda like SUPERAntiSpyware does with its fix task manager, fix registry, you get the point.
     
  4. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    Sorry for the double post guys, but another thing came to mind.

    Registry backups. Especially since you're using A2, with heuristics on, the possibility of it being a false positive is high (had it happen to me), and render the computer somewhat useless.
     
  5. Kyle1420

    Kyle1420 Registered Member

    Joined:
    May 27, 2008
    Posts:
    479
    Detailed task manager ;)
     
  6. Noob

    Noob Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    6,468
    This is what I thought, but if it deletes viruses settings and then you restore them back again? (Well the virus might be deleted but who doesn't like to know that even their registry entries were removed :D)
     
  7. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Thanks for the suggestions guys. It's been super helpful so far.

    That's a great idea. I'll look into what's required and see what I can do. I'll send you a PM if I can get it figured out. Thanks!

    Could you elaborate a little more on the AutoIt suggestion? I'm a little confused. Do you think I should include it or something like it, that allows the user to create their own... plugin? Or something like that?

    I'll look into SUPERAntiSpyware's tools to get some ideas. Thanks

    Eventually, I'd like to add this in. I've actually made something like this before and for the most part, it ran rather well. The problem was that it was a huge memory hog and that was hard to manage :(

    I actually hadn't thought about registry backups, but I think I can manage that.
     
    Last edited: Oct 13, 2010
  8. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    AutoIt is pretty much a script that'll do what you want it to.

    So let's say in the "manual tools", you check mbam and SAS... you can code AutoIt to download, install, scan, and remove your infections.

    It'll script everything out for you. So the user has the "click n go" feature we love about this tool.

    You can use AutoIt to do everything for you.

    http://www.autoitscript.com/autoit3/index.shtml

    I'm pretty sure it's free, and it's pretty awesome actually.

    Anyway, the tool can be used to do everything, and if you could pick up on it, it'll broaden the ability of your tool. You can then go into tools such as Kaspersky Virus Removal Tool, have the browser download it, install it, configure its settings, and scan with it.
     
  9. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    Now this is your fault, anytime someone is developing something new TWO THINGS!

    1. Make an image of your system...
    OR
    2. Use a VM like VMware or Virtualbox...

    No crying about how your box got hosed when you should know better...
     
  10. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    I don't think he was saying that this is something AVERT messed with. Mainly because AVERT doesn't affect those parts of the OS.

    If I'm not mistaken, he's saying that after a virus has screwed those parts up, he can't seem to fix it without an FFR. He'd like AVERT to fix those issues if they exist, not that AVERT caused them :D

    I think. Or at least I hope so. I wouldn't know how AVERT caused the issues if it did ;)
     
  11. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    Hey everyone. I added a bunch of new features to AVERT and v2.0 is out.

    tk55, I'm still looking into your issues, but I was able to add some other requested features, such as registry backups.

    http://www.avertsoftware.com/downloads.html

    Thanks again
     
  12. tk55

    tk55 Registered Member

    Joined:
    Apr 18, 2009
    Posts:
    63
    thanks weirddemon, that's exactly what i meant.

    looking forward to see what you can come out with :)
     
  13. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  14. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    Not sure if I read incorrectly, but are you adding 3 MORE scanners?
     
  15. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    When I had 7 scanners, I was looking into 3 more. As of right now, I added 1 more, making the total 8.

    It looks like I might be able to add 2 or 3 more later.
     
  16. Boyfriend

    Boyfriend Registered Member

    Joined:
    Jun 7, 2010
    Posts:
    1,070
    Location:
    Pakistan
    @weirddemon: Thanks and congrats for wonderful tool. With eight scanners and one thorough scan should be enough to remove every nasty out there. Keep on good work :)
     
  17. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    The ability to choose individual engines and scan at various strengths.
    One window for everything, no pop ups of more windows.
    When scans begin, no window always on top, but in AVERT program window.

    This is what I was thinking it should be like when using your program.
    avertkick4$$.1.png
     
  18. weirddemon

    weirddemon Registered Member

    Joined:
    Oct 3, 2010
    Posts:
    127
    That feature is already there. Could you elaborate more on what you mean? If you check out the How To page, you'll see in step 7 that the Options window allows you to check each scanner you'd like to use, and if you select a scanner, its "Advanced Configuration" box appears below the scanners. Here you can choose "Thorough", "Blended" and "Minimal" scans. This gives you the ability to customize how each scanner runs, so they're not all at Maximum, even if you run them all.

    I've tried making the GUI as simple as possible and even made a how-to video and web page. The GUI I'm using at the moment should be intuitive enough for most people to understand and provides the best UI for expandability. If I just throw everything on one page, even in tabs, it will get cluttered very quickly. Especially when adding more features. If I did this GUI, then I'd have 9 tabs. But, if I did the whole "tab-within-a-tab" thing, that would help lessen the tabs, but would look cruddy.

    So, for now, the GUI's staying.

    I don't understand. Could you elaborate?

    Thanks for the feedback, Searching_ _ _

    Thanks. I appreciate the support.
     
  19. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    As I see it there are 5 core needs to be fulfilled by your program:

    1. Initiating scans
      • Anti-Virus Scanners
        • Depth
        • Update
      • Ccleaner
        • Strength
      • AVERT Registry Tool
        • Depth
    2. Installing scanners
      • Downloads
    3. Reports
      • General Statistics
      • Specific Scan Report List
    4. Backups
      • Import
    5. Tools

    Scanners:

    In the "Run Scans" window, with all AV's, Ccleaner, AVERT Registry Tool choices present and the ability to be selective in scan depth will satisfy all of your requirements for Complete, Blended, Quick and Custom in a single window. The main "Run scans" window can be the Custom window, then you can add Complete, Blended, and Quick as buttons similar to "Run Scans" button to the bottom that will have programmed choices for the engines. When you click "Complete" it will highlight its choices; When you click "Blended", it will highlight those choices. Ccleaner and ART can operate depth independently of the scanner depth. It will be plain to the user what they are getting into without having to read or see a How To.
    Next to or under "Complete" and "Quick" for each scanner you can have the estimated time to complete that rows depth choice.

    Avert Signature Settings:

    This can be handled in a configuration file similar to how Sandboxie uses a config file, accessed by a button that calls up notepad, no need for the window IMO. This will be a feature that doesn't get much use but can be called up when needed.

    Install AVERT Scanners:

    This is good to be its own window as it clarifies that you need to download each scanner.
    It should also have the estimated file size associated with each download option. People have varying qualities of internet service and will be able to customize downloads for their internet access quality.

    Reports:

    This is good to be its own window and is obvious.
    A need for individual scan AV reports is a priority over general info, IMO. It could be an additional list item that can call up an individual scan report.

    Statistics, this is the overall general view of the detections saved as xml.

    General statistics and Specific AV reports, side by side or top down views, both persistent.

    Backups:

    This is good to be its own window with a list of registry entries that can be imported should there be a problem.

    For the PE Environment there should be a hex editor, UBCD4Win uses Tiny Hexer, there may also be other hex editor plugins available.

    Developing isn't easy because one choice today can create a mountain of work tomorrow.
    Explaining your perceptions and insights is challenging as well.

    After you "Run Scans", an always-on-top window provides the status of current actions when it is obvious with the cmd window that something's going on. This status info can occur inside of a non-disappearing AVERT program window.
     
    Last edited: Oct 16, 2010
  20. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825
    I'd love it if this could be a multi-engine scanning app, not just one scanner at a time...

    But, hmmm could that be possible or multi-engine scanning needs to go Cloud based...

    Hmm


    Multi-Engine scanning is the future. ;)
     
  21. curious george

    curious george Registered Member

    Joined:
    Jun 24, 2007
    Posts:
    218
    I think multi scanning engines would be extremely heavy on the system. If the idea were to ever be put into play, it'd most likely be with cloud.
     
  22. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    Yep heavy on the system...

    But multi-engine scanning is the future.

    When you have an infected system, well, what do you want to do, is the question, quick or complete scans?

    Problem here is many people will do quite a bit of complete scanning and quick, but when you do quite a few of those complete scans, boy you can really consume a lot of time.

    Many of the engines in Avert are extremely slow. As a test last week I put it on a full/complete scan of all engines and 7 hours later it was still not done. But we can't blame the developer for this, his hands are tied...

    With a program like Avert you need good and fast engines but with it being limited to how many CLI scanners are out there, it doesn't leave many choices, which is the downfall of this application, not enough, better engines to pick from and use instead.
     