LMT AntiMalware (Formerly - LMT Anti Logger)

Discussion in 'other anti-malware software' started by mood, May 25, 2020.

  1. LeMinhThanh

    LeMinhThanh Registered Member

    Joined:
    Apr 21, 2020
    Posts:
    131
    Location:
    Vietnam
    Hi!
    LMT AntiMalware 5.4 released
    Changelog:
    • Rename the software from LMT Anti Logger to LMT AntiMalware.
    • Realtime Protection: Introducing the CuteDuck engine - an in-house engine based on databases from ClamAV, which supports scanning of PE files, MS Office files, compressed files and script files.
    • Basic Firewall: Will display Remote IP information when it detects that an untrusted program tries to access the internet.
    • Fixed: Some minor bugs.
    Homepage: https://www.leminhthanh.me/antimalware/
    https://www.leminhthanh.me/antimalware/assets/img/tabs-1.jpg
     
  2. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,037
    Location:
    Europe
    Just a suggestion, maybe u should hide the 22K downloads, people are not gonna be impressed with it, if anything they might think "that's so little".

    U can also put some claims like "Obliterates virus, leaves them no chance" etc. Doesn't matter if it's true or not, all the big av makers do that anyway. Just make it sound more convincing. Casual people won't know all the tech lang, but they will sure be impressed if they read that
     
  3. LeMinhThanh

    LeMinhThanh Registered Member

    Joined:
    Apr 21, 2020
    Posts:
    131
    Location:
    Vietnam
    Thanks, I will update the website
     
  4. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    638
    Location:
    Island of Woman
    leaves some stuff behind after uninstall I think, the main program directory was still there after reboot, used revo
     
  5. Tyrizian

    Tyrizian Registered Member

    Joined:
    Apr 26, 2012
    Posts:
    2,838
    Is this Open Source?
     
  6. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,037
    Location:
    Europe
    Nope. Found nothing here https://github.com/leminhthanh1998?tab=repositories

    That said, you think other avs and anti-malware are open source? if they were open source anyone could fork and make their own versions. Thus the original authors wouldn't earn money from it. Kinda anyway. So yeah. None of the other anti malware or avs are really open source are they. So why would this be different.

    Actually there is some open source security software - https://sourceforge.net/directory/s...ic:security-utilities/antimalware/os:windows/

    But they suck lol.

    If you are so desperate for one, try Windows Defender Configurator from that guy on Malware Tips. Except then u have to use Windows Defender...
     
  7. LeMinhThanh

    LeMinhThanh Registered Member

    Joined:
    Apr 21, 2020
    Posts:
    131
    Location:
    Vietnam
  8. LeMinhThanh

    LeMinhThanh Registered Member

    Joined:
    Apr 21, 2020
    Posts:
    131
    Location:
    Vietnam
    A video about my app:
    LMT AntiMalware 5.4.1: Tested vs Malware https://www.youtube.com/watch?v=nB1kl9yil60
     
  9. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    108
    Location:
    Finland
    Hi,
    Watched the video, impressive work you've done. I have to test LMT AntiMalware on one of my "testing laptops" soon.
    One little suggestion, in "Fileless Malware Protection" tab, is it possible to sort those block rules alphabetically?
    Are fileless malware block rules auto-blocked like in OSA/Syshardener etc similar software?
    Because OSA/Syshardener/HC does not work with LTSC, what method do you use to make those block rules?

    Would be really nice to make your rules with arguments too in Fileless tab, for example:
    [Notify, Block, Allow] Net.exe user /add
    [Notify, Block, Allow] Net.exe localgroup administrators * /add
    [Notify, Block, Allow] Net.exe user * \password \domain
    etc...

    Regards,
    -sepik
     
  10. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    108
    Location:
    Finland
  11. lucd

    lucd Registered Member

    Joined:
    Jan 30, 2018
    Posts:
    638
    Location:
    Island of Woman
    how's that, I have LTSC and OSA and syshardener and hardener
     
  12. LeMinhThanh

    LeMinhThanh Registered Member

    Joined:
    Apr 21, 2020
    Posts:
    131
    Location:
    Vietnam
    Hi,
    Thanks for your suggestion on Fileless Protection, I will add it in one of the next versions.
    About OSA/Syshardener, I don't know how they work. My software uses a kernel-mode driver that allows it to control when a process starts; if the process with its arguments matches the rules, my software will block that process from executing.
    https://i.imgur.com/J0tLo2J.png
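
The argument-based rules discussed above (the `[Notify, Block, Allow]` syntax suggested by moredhelfinland and the matching of a starting process's arguments against rules described by LeMinhThanh), as an added example that is not part of the thread and not LMT AntiMalware's code. The rule list, the meaning of `*` (one or more arguments), first-match-wins ordering and all function names are assumptions made for illustration.

```python
import fnmatch
import ntpath
import re

# Constructed rules in the "[action] image args" form suggested in the thread.
# Assumption: a bare '*' stands for one or more arguments; first match wins.
RULES = [
    ("Block", "net.exe user * /add"),
    ("Block", "net.exe localgroup administrators * /add"),
    ("Notify", "net.exe user *"),
]
DEFAULT_ACTION = "Allow"


def tokenize(cmdline):
    """Split a Windows command line into lowercase tokens, image name first."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    if not tokens:
        return []
    # Normalise the image: drop the directory, add a missing .exe extension,
    # so "net", "NET.EXE" and a quoted full path all compare equal.
    image = ntpath.basename(tokens[0]).lower()
    if not ntpath.splitext(image)[1]:
        image += ".exe"
    return [image] + [t.lower() for t in tokens[1:]]


def matches(pattern, tokens):
    """Token-wise match; a bare '*' consumes one or more tokens."""
    if not pattern:
        return not tokens
    head, rest = pattern[0], pattern[1:]
    if head == "*":
        return any(matches(rest, tokens[i:]) for i in range(1, len(tokens) + 1))
    return (bool(tokens) and fnmatch.fnmatchcase(tokens[0], head)
            and matches(rest, tokens[1:]))


def evaluate(cmdline, rules=RULES):
    """Return the action of the first rule matching the command line."""
    tokens = tokenize(cmdline)
    for action, rule in rules:
        if tokens and matches(rule.lower().split(), tokens):
            return action
    return DEFAULT_ACTION
```

Because rules are checked in order, the narrower `Block` rules must be listed before the broader `Notify` rule, otherwise an account-creation command would only raise a notification.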
     
  13. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    108
    Location:
    Finland
    Is it a signed kernel-mode driver? I've tested many AVs. F-secure is the worst, Dr Web self protection is the best I've tested and one other Zonealarm firewall driver.
    Yes, we can think about the situation, like Dr Web and Zonealarm, how "deep" they can install a driver? Ring 0?
    I tried to kill Dr Web processes, by using several ways. Process hacker can't kill it, it needs an admin-installed .sys driver to do so.
    Dr Web won, years ago, a medal for its self protection. No pskill, no taskkill, no via powershell. The same goes for zonealarm.
    I'm kind of scared how deep some AVs can go, and actually control your machine...
     
  14. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,037
    Location:
    Europe
    Stop being so paranoid lol. The harder it is to kill, the better from a defensive standpoint.
     
  15. LeMinhThanh

    LeMinhThanh Registered Member

    Joined:
    Apr 21, 2020
    Posts:
    131
    Location:
    Vietnam
  16. LeMinhThanh

    LeMinhThanh Registered Member

    Joined:
    Apr 21, 2020
    Posts:
    131
    Location:
    Vietnam
    My software can be killed by TaskManager or Process hacker :)
    pskill, taskkill is not able to kill my software
    https://i.imgur.com/qBNWXju.png
     
  17. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,037
    Location:
    Europe
    So why not make it so that it can't be killed?
     
  18. moredhelfinland

    moredhelfinland Registered Member

    Joined:
    Mar 31, 2009
    Posts:
    108
    Location:
    Finland
    Interesting, tried to kill Dr Web processes via an admin. Process hacker offered to install .sys file, and i allowed. Dr Web KATANA popped up, unknown driver attempt (.sys) to install.
    Pretty good, i think.
    -sepil
     
  19. LeMinhThanh

    LeMinhThanh Registered Member

    Joined:
    Apr 21, 2020
    Posts:
    131
    Location:
    Vietnam
    It's already on my research list and I think normal malware can't kill my software.
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,373
    Location:
    The Netherlands
    Perhaps you can test it against these two simulators:

    https://www.snapfiles.com/get/antikeyloggertester.html
    https://www.snapfiles.com/get/stt.html

    Cool, but is the ransomware blocked by signature or by behavior blocking? And the new GUI really looks great!
     
  21. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,037
    Location:
    Europe
    The 1st app last updated 2009, the 2nd 2017. There may be lots of new methods for collecting data. U think u are safe until the malware hops on ur pc and extract ur mic and webcam and whatnot and ur program doesn't even beep because u used some old tests and u're convinced it's foolproof.
     
  22. LeMinhThanh

    LeMinhThanh Registered Member

    Joined:
    Apr 21, 2020
    Posts:
    131
    Location:
    Vietnam
  23. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,373
    Location:
    The Netherlands
    Actually these methods are still being used by keyloggers, so it doesn't matter that these tools are a bit older.

    Cool, but how did it block it, by blocking the keyboard hook? And what about the other tests, did it also block access to clipboard and webcam? And what about making screenshots?
     
  24. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    1,037
    Location:
    Europe
    Why don't u test urself lol
     
  25. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    14,373
    Location:
    The Netherlands
    I don't use virtual machines anymore, and I'm not willing to install it on my real machines, that's why.
     