PowerTool 4.8 x86 / 2.0 x64

Discussion in 'other anti-malware software' started by liba, Mar 13, 2016.

  1. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    76
    PowerTool is a security tool developed to offer you a simple means of keeping your computer clean of rootkit viruses and fixing kernel structure modifications.

    Rootkit viruses act on administrative privileges and hide inside certain processes or applications. They can exploit certain system vulnerabilities that might lead to loss of personal information or even system override.

    PowerTool scans and analyzes files at kernel level which means that the scans get as thorough as possible. The application displays a comprehensive interface with a tabbed structure which makes it very easy to use and navigate.

    It’s separated into sections such as ‘System’, ‘Process’, ‘Kernel Module’, ‘Application’, ‘Registry’, ‘Services’ and ‘Startup’ which means that it covers all the crucial system file types that may be subjected to infection. The application doesn't just detect problems, it can also fix them. With it you are able to repair Registry Editor and Task Manager problems and various typical errors.

    ithurricane-PowerTool_1.png
    ithurricane-PowerTool_5.png

    web
    http://powertool.s601.xrea.com/

    download
    http://d-h.st/sk5I
     
  2. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    Thank you. But... maybe now I'm not fully awake :D - in Europe it is 9 am now: the MD5 Sum in your link is different from the MD5 Sum of the downloaded exe.
     
    Last edited: Mar 13, 2016
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Thanx will check it out
     
  4. liba

    liba Registered Member

    Joined:
    Jan 21, 2016
    Posts:
    76
  5. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    "antivirus/rootkit/bootkit tool"?
    lmao

    from my view another useless program to trash windows systems.

    2t
     
  6. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,433
    Location:
    Europe
    I've used it for many years without problems. Sure, a powerful rootkit can take control of a system, and PowerTool would be useless, but it allows you to deeply check your system for ignored and undesirable programs, processes, activities....
     
  7. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Looks like this is more than just a rootkit scanner:

    For example, you can have PowerTool forbid the creation of processes and threads, disable registry editing and deny creating of any files.
    Also looks a lot less "cryptic" than many rootkit scanners are. Will have to give it a try.
     
  8. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    So is anyone else using it? It seems to be quite an advanced system monitoring tool, but I wonder if it's trustworthy. I also wonder why none of the big AV companies have come up with something like this. On Win 32 I used to use Tuluka:

    http://www.tuluka.org/
     
  9. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,166
    tried it out and it crashed my pc in shadow mode
     
    Last edited: Sep 3, 2016
  10. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    66
    Location:
    London UK
    I mostly use it to make copies of files that are locked and in use when I want to inspect them. That includes system files.

    A few times I've used it to force delete a directory or file. I also use it to keep an eye on the size of C:\$extend\$UsnJrnl and a few other locations.

    Plus it can show hidden registry keys. Example for Macrium Reflect users:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment

    I don't configure additional protection that's available. I don't use the program much but it has come in handy a few times.
     
  11. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    84
    Location:
    united kingdom
    I ran the tool and got it to check the MBR of my disks. It says the SSD has a rootkit infection, but it also says the MBR seems okay ?!? :confused:

    powertools_mbr.jpg

    Is there another tool I can use to check my MBR is clean or not?
     
  12. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    OK, so you didn't experience any odd system behavior? I'm a bit wary because it's made in China. But it uses a driver, and only signed drivers can run on Windows 64 bit.

    Which OS are you using? I think it might be a false positive, back in the days I also got some strange readings from GMER. Of course, in theory some app might have modified your MBR.

    http://www.gmer.net/
     
  13. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    66
    Location:
    London UK
    I keep driver signature enforcement disabled using ReadyDriver Plus. The PowerTool driver kevp64.sys scans clean (zero detections) on VirusTotal. So does the program's executable.

    PowerToolx64.jpg

    The driver unloads when you exit the program.

    MJ RegWatcher Log File.jpg

    I've been using PowerTool since v1.6. The only dodgy thing about it is trying to find clean download links as it's hosted on a few different sites. Some of those attempt to download "extras".

    I've had no issues with it at all and it's portable so runs without installation.
     
  14. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    66
    Location:
    London UK
    http://free.antivirus.com/us/rootkit-buster/

    GMER will almost certainly show a few interesting false positive detections. Trend Micro Rootkit Buster should only flag up known problems.
     
  15. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    1,166
    callender

    got it to run and said all clear.
     
    Last edited: Sep 4, 2016
  16. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    66
    Location:
    London UK
    Good news.
     
  17. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    84
    Location:
    united kingdom
    The OS is the one in my sig: Win 10 Pro x64 insider preview

    I think you're right about it being a false positive. I haven't used GMER for years. Does it run on Win 10?
     
  18. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    84
    Location:
    united kingdom
    Many thanks for the suggestion. I will report back the result.
     
  19. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    66
    Location:
    London UK
    Same here - used for at least a couple of years at times.

    Note for new users. Just because something is flagged up in red it doesn't automatically mean unsafe or in need of repair. Just that it needs checking.

    Examples:

    Three red items on main screen seen when the program is launched. Some users would panic and click the fix / repair button. However in this case everything is fine.

    Powertoolx64_1.jpg

    Below are user pinned items that were once pinned to the quick launch toolbar (I've since removed quick launch toolbar) - so they could be deleted but are not unsafe and do not cause problems.

    Powertoolx64_2.jpg

    Non standard file associations but valid and safe:
    Powertoolx64_3.jpg

    Image hijack refers to IFEO (image file execution options)

    The entries below were added by me to make use of the debugger to launch other programs instead of those listed under "name" if those processes ever try to launch.

    Powertoolx64_4.jpg

    So just be warned that investigation is needed before trying to fix something.
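
The IFEO "Debugger" redirections described in the post above can be listed from PowerShell and reviewed one by one before anything is repaired or deleted. This is an added example, not part of the thread and not PowerTool's own code; the function name `Get-IfeoDebugger` is hypothetical, and it assumes each Debugger command line starts with either a quoted path or a path without spaces.

```powershell
# Added example (not from the thread): list every IFEO key that carries a
# "Debugger" value, i.e. the entries a scanner reports as "image hijack".
# Get-IfeoDebugger is a hypothetical name chosen for this example.
$IfeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    param([string[]]$Root = $IfeoRoots)

    foreach ($r in $Root) {
        # WOW6432Node does not exist on 32-bit Windows.
        if (-not (Test-Path -LiteralPath $r)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $r -ErrorAction SilentlyContinue) {
            $cmd = [string]$key.GetValue('Debugger')
            if ([string]::IsNullOrWhiteSpace($cmd)) { continue }

            # The first token is the program started instead of the named image.
            # Assumption: the path is quoted, or contains no spaces.
            if ($cmd -match '^\s*"([^"]+)"') { $target = $Matches[1] }
            else { $target = ($cmd.Trim() -split '\s+')[0] }
            $target = [Environment]::ExpandEnvironmentVariables($target)

            # Signature status is a triage hint only; bare names without a
            # full path are reported as NotResolved for manual review.
            if (Test-Path -LiteralPath $target -PathType Leaf) {
                $status = (Get-AuthenticodeSignature -LiteralPath $target).Status.ToString()
            } else {
                $status = 'NotResolved'
            }

            [pscustomobject]@{
                Image     = $key.PSChildName   # process name being redirected
                Debugger  = $cmd               # full command line from the registry
                Target    = $target
                Signature = $status
                Key       = $key.Name
            }
        }
    }
}

Get-IfeoDebugger | Sort-Object Image | Format-List
```

Entries added deliberately, like the ones in the post, appear in the same list as anything unexpected, so the output is most useful when compared against a list of redirections you know you created.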
     
  20. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    OK, so it won't even run on Win 64 bit, because it doesn't have a signed driver? Then it's a no go for me.

    It has support for Win 10 according to the website. But yes, these types of tools often give at least one false positive.
     
  21. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    84
    Location:
    united kingdom
    Well, according to Trend Root-kit Buster, all is clean :thumb::

    Code:
    +----------------------------------------------------
    | Trend Micro RootkitBuster
    | Module version: 5.0.0.1198
    | Computer Name: TV-PC8
    | OS version: 6.2-9200
    | User Name: tv
    +----------------------------------------------------
    
    
    --== Dump malicious MBR ==--
    No hidden MBR found.
    
    --== Dump Hidden Files and Alternate Data Streams on C:\ ==--
    No hidden files found.
    
    --== Dump Kernel Code Patching ==--
    No kernel code patching detected.
    
    --== Dump Hidden Services ==--
    No hidden services found.
     
  22. Callender

    Callender Registered Member

    Joined:
    Jan 9, 2015
    Posts:
    66
    Location:
    London UK
    I'd be happy with that. PowerTool probably just detected a "non standard" MBR but you'd need an expert on MBR to explain better.
     
  23. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,764
    Location:
    Outer space
    Haven't used it in a while but it always worked fine for me on 64 bit (Win7), and I don't have the signed driver enforcement disabled.
     
  24. askmark

    askmark Registered Member

    Joined:
    Jul 7, 2016
    Posts:
    84
    Location:
    united kingdom
    Yes, no problems here, running it on Windows 10 Pro x64 AU 1607. Apart from a false positive on the MBR but that's probably not OS related.
     
  25. ArchiveX

    ArchiveX Registered Member

    Joined:
    Apr 7, 2014
    Posts:
    1,015
    Lots of F/P with these A/R Tools...:mad:
     