Diagnostic program ESET SysInspector

Discussion in 'other anti-malware software' started by MrBrian, Jul 11, 2008.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    ESET has a fine free diagnostic program available called ESET SysInspector that can be used to assess a system for malware or other problems. This program should appeal to those of you who use HijackThis, AutoRuns, and similar programs. This program has not been mentioned often on Wilders non-ESET forums, so I wanted to bring this program to the attention of those of you who don't frequent the Wilders ESET forums.

    I like this program :). The use of color coding and ability to filter by risk level is very nice; nine different risk levels exist. I also appreciate the ability to compare a saved log with the current log to see what changed over time. The claimed ability to find items cloaked by rootkits is another advantage over some other diagnostic programs. The program doesn't provide any fixing capabilities presently, although it does allow you to open file items in Windows Explorer and registry items in RegEdit.
     
  2. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Hello, MrBrian :D! I'd greatly appreciate your post. ESET SysInspector :cool: : INDISPENSABLE! One click - and you know ALL! Immediately. And in action: see Sysinternals Forums / Windows Discussions / Malware / thread: Bugs on the screen (03 June 2008) ... Look to my configuration on Wilders / Other Anti-Malware Forum / thread: What is your security ... Page 105. Thanks, PROROOTECT
     
  3. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Thanks for the link, MrBrian. :)

    Another useful app I will add to my "Fixit" folder on my USB drive.
     
  4. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :).

    Here is a screenshot, highlighting the Services section and one particular service. Notice how the color coding allows you to easily see which services are unknown. The filtering level can be set to see only items that are more suspicious.
     


  5. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    Indeed it's very good, MrBrian, and I would never find it if you didn't make this thread. I don't read much from ESET's forum myself.

    Smokes a few programs I had for the effect.

    Thank you :)
     
  6. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    You're welcome :). I hope more people discover this program.
     
  7. BrysonB

    BrysonB Registered Member

    Joined:
    May 18, 2006
    Posts:
    56
    Location:
    South Carolina
    I just did! Thanks MrBrian. This is a handy and illuminating app to add to my arsenal. :thumb:
     
  8. HURST

    HURST Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    1,419
    Thanks!
    Nice addition to the tools folder :)
     
  9. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
    Thanks, got it. It does flag OutPost Firewall as a rootkit (and ranks it 9).
     
  10. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    I did some tests of SysInspector.

    First I ran SysInspector, noting some of the files on my system that were considered 'known' items by SysInspector. Then I changed some of these 'known' files with a hex editor. Then I ran the program again. In every case, the altered items were considered 'unknown', which is exactly what I hoped for! SysInspector appears to have a hash-based whitelist. This was determined by changing a 'known' file that had no digital signature, repairing the PE checksum (to rule this out as a possible mechanism), and noting that the file's status changed to 'unknown'. SysInspector also appears to check digital signatures, if present. This was determined by changing a 'known' file with a digital signature that was newer than the date of the SysInspector exe itself (to rule out use of a built-in whitelist), turning off Internet access (to rule out use of an Internet-based whitelist), and noting that the file's status changed to 'unknown'.

    I also tested the program's claim of finding rootkit-hidden items. I installed Elite Keylogger. I then ran SysInspector. SysInspector found 3 hidden drivers and assigned all of them status 9-risky, the highest risk status.

    I am pleased with the results of these tests :).
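
The test described in the post above, modelled as an added example (not part of the thread and not ESET's code): a constructed 512-byte stand-in for an executable is edited, its PE checksum is repaired, and a hash allowlist still reports it as unknown. The SHA-256 keying, `classify` and the sample image are assumptions for illustration; the post does not say which hash SysInspector uses.

```python
import hashlib
import struct

def checksum_offset(img) -> int:
    """Offset of OptionalHeader.CheckSum: e_lfanew + signature (4) + COFF header (20) + 64."""
    return struct.unpack_from("<I", img, 0x3C)[0] + 4 + 20 + 64

def pe_checksum(img) -> int:
    """Folded sum of the file's dwords, CheckSum field skipped, plus the file length."""
    skip, total = checksum_offset(img), 0      # assumes a 4-byte-aligned header
    padded = bytes(img) + b"\0" * (-len(img) % 4)
    for off in range(0, len(padded), 4):
        if off != skip:
            total += struct.unpack_from("<I", padded, off)[0]
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    return ((total + (total >> 16)) & 0xFFFF) + len(img)

def stored_checksum(img) -> int:
    return struct.unpack_from("<I", img, checksum_offset(img))[0]

def stamp_checksum(img: bytearray) -> None:
    struct.pack_into("<I", img, checksum_offset(img), pe_checksum(img))

def build_sample_image() -> bytearray:
    """Constructed 512-byte stand-in with only the header fields used here."""
    img = bytearray(512)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)    # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    img[0x100:0x110] = b"original payload"
    stamp_checksum(img)
    return img

def classify(img, allowlist) -> str:
    """Hypothetical allowlist lookup keyed on the SHA-256 of the whole file."""
    return "known" if hashlib.sha256(img).hexdigest() in allowlist else "unknown"

def run_experiment() -> dict:
    original = build_sample_image()
    allowlist = {hashlib.sha256(original).hexdigest()}
    edited = bytearray(original)
    edited[0x100] ^= 0x01                      # one-byte hex-editor change
    stale = stored_checksum(edited) != pe_checksum(edited)
    stamp_checksum(edited)                     # checksum repaired, as in the post
    return {"original": classify(original, allowlist),
            "stale_after_edit": stale,
            "valid_after_repair": stored_checksum(edited) == pe_checksum(edited),
            "edited": classify(edited, allowlist)}
```

A valid checksum after the repair together with an "unknown" verdict is the combination that separates a content-hash allowlist from a checksum-only check.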
     
  11. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Nice tip! :thumb: :cool:
     
  12. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    ESET SysInspector & MrBrian: GREAT IN ACTION! :cool:
    Thanks, PROROOTECT :-*
     
  13. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
    Hello,

    ESET SysInspector will be integrated into the new major version of ESET Smart Security. With the upgradability of the Antistealth module it will provide powerful and very fast information about your infected machine. ;)

    Regards
     
  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Will a standalone version remain also?
     
  15. Kosak

    Kosak Registered Member

    Joined:
    Jul 25, 2007
    Posts:
    711
    Location:
    Slovakia
  16. SKA

    SKA Registered Member

    Joined:
    Aug 2, 2002
    Posts:
    154
    Dear Kosak

    Will SysInspector be available in EAV or only in ESS?
    May I also ask if a major new version of EAV is also in the pipeline? Thanks

    SKA
     
  17. makios

    makios Registered Member

    Joined:
    Apr 18, 2008
    Posts:
    126
    Nice tool.
    But one thing makes me somewhat confused:
    When I install SpywareBlaster and immunize with it, the hosts ESET SysInsp. finds seem to be fine.
    When I install Spybot & Destroy and immunize all, SysInspector finds a lot of critical hosts ... o_O
     
  18. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    SpywareBlaster (SB) does not add Hosts file entries when you "immunize with it". The only Hosts file feature associated with SB is the ability to create a backup of your Hosts file for safekeeping.
     
  19. makios

    makios Registered Member

    Joined:
    Apr 18, 2008
    Posts:
    126
    Thanks, didn't know that.
    And the changes that immunization with Spybot & Destroy brings to the Critical Files results of SysInspector? Are these hosts file changes by Spybot a bad thing? (Because SysInspector does make me think so, but maybe I don't understand well what it means, these critical files...)
     
  20. G1111

    G1111 Registered Member

    Joined:
    May 11, 2005
    Posts:
    2,127
    Location:
    USA
  21. PROROOTECT

    PROROOTECT Registered Member

    Joined:
    May 5, 2008
    Posts:
    1,102
    Location:
    HERE ...Fort Lee, NJ
    Thank you, MrBrian!

    SysInspector & MrBrian: GREAT's in ACTION! :thumb:

    PS. Download also in SysInspector: Help / Check for Updates.
     