Powertool Anti-Rootkit updates:

Discussion in 'other anti-malware software' started by BoerenkoolMetWorst, May 9, 2014.

Thread Status:
Not open for further replies.
  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Old thread:
    https://www.wilderssecurity.com/threads/open-source-powerful-anti-rootkit-new-toy.326781/

    32 bit:
    Code:
    2014-02-08 PowerTool x86 V4.6
      Add:
    1. Add view process commandline and process type (distinguishing normal process and service process)
    2. Check whether you need to restart after Windows Update
      
     Modify:
        1. Improved support for win8.1 (including process timers, detection kernel entry point, etc.)
        2. can parse multiple ADS stream files of one file.
        3. Improved delete directory (recursively delete).
        4. Modify the view WFP network filtering crash BUG.
        5. Remove the self-protection warning dialog when start PowerTool.
        6. Restore the online update feature.
    
    2013-12-08 PowerTool V4.5
      Add:
    1. Support Windows8.1
    2. Add view and remove WFP Filter
    3. Add view NDIS MiniDriver and MiniPort
      
     Modify:
    1. Fix bug of enum process on windows2003.
    2. Fix bug of view task scheduler.
    3. Replace Filterbit to Jotti as online scan engine.
    64 bit:
    Code:
    2014-01-28 PowerTool x64 V1.6
      Add:
        1.Add remove filter driver.
        2.Add delete directory(Recursively delete).
        3.Add rename file.
     
    Modify:
        1. Enhanced force delete functions(can delete the files protected by antivirus software)
        2. Fix bug of view process API hook.
        3. Restore the [online update] function.
    
    
    2014-01-20 PowerTool x64 V1.5 
    Modify:
        1. Modify bug of only get one ADS stream file when parsing NTFS
        Add multiple stream file:
        echo "this is a stream file" > a.txt:stream.txt1;echo "this is a stream file" > a.txt:stream.txt2
        2. Modify analyze registry file bug.
        3. Modify bug of file not exist and parsing command line parameters
        4. Modify bug of can't get ShadowSsdt hook on Win8/Win8.1
        5. Modify crash bug when view [WFP(Windows Filtering Platform)]
        6. Add PayPal Donation(PayPal Account : ithurricane@gmail.com, thank you for support)
       
    
    2013-12-02 PowerTool x64 V1.3
      Add:
        1.Add view and remove WFP(Windows Filtering Platform).
        2.Add Support Windows 8/Windows 8.1.
        3.Add simple self-protect.
     
    Modify:
        1. Enhance kill process
        2. Modify bug of process's user timer.
        3. Modify bug of view digital signature.
        4. Modify bug of view task scheduler.
        5. As the online scanner site Filterbit invalid, replacing it uploaded to Jotti.
    -http://d-h.st/users/powertool-
     
  2. controler

    controler Guest

    When I go to their site the newest 64 bit version is 1.6?

    Also Malwarebytes don't like the site .
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    I tried it the other day, but it wouldn't run ? Tried again today by DL'ing the 64 version in case they had mixed them up, but still the same result !

    Don't know what's up with the screenie ? But if you click on the .PNG link it's fine !
     

    Attached Files:

    • PT32.png
      PT32.png
      File size:
      5.4 KB
      Views:
      1,315
  4. controler

    controler Guest

    Clone? neither one of those RT links open for me!~!

    Wut OS R U using now?

    I am on Win 8.1
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Yes, the changelogs I posted show 1.6 as the lastest 64 bit version and 4.6 as the latest 32 bit.
    It's hosted on a file sharing service and MBAM's website/IP filter is always a bit triggerhappy, so that might explain it.
    Their downloads are on Google code as well, but they haven't been updated:
    https://code.google.com/p/powertool-google/downloads/list
    Very strange, perhaps the download keeps getting corrupted somehow?
    Here are the hashes I'm getting(on the .exe, not the .zip):
    Powertool x86 4.6 SHA-512: 4DA3421659D76BC3594F34D956BB09CDAF57EA378FDE0662E2D4D45CF491150D1CFF4CA96F9E633F73935F5AB0E81752822C94F53D59E3565AEC8A2197D07C11
    Powertool x64 1.6 SHA-512: C089AF189304B792FAAD6681E4CFB8866A5820E68A4C954599491B0A64DFC63E73FD52C5041B91DFABBC4C374B89D693E86A74F79B21C544D7FB99BC8340D125

    The screenie is due to the new forum software I think, but you can put it in your text and move it as well, then it won't be weird.
    EDIT: like this
    [​IMG]
     
    Last edited: May 10, 2014
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,055
    Location:
    The Netherlands
    I have to admit, I´m not really sure if we can trust these tools. I´ll stick to GMER. :)
     
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Originally Posted by controler

    Thanx for letting me know. It's because they were HTTPS instead of HTTP, i've changed them now.

    The same one i've had for years since i moved from 98SE, XP/SP2

    Originally Posted by BoerenkoolMetWorst

    Yeah Thanx, i did know that, but expected the forum soft to display it properly without having to do that. I think the reason might be due to my disabling Rich Text formatting in my options. I did that because of the excessive extra HIGH scripting going on with it enabled.

    As for Powertool v4.6 32 Bit SH1 = 5EDB56294444E02DED702A61D584F0EBF4031743

    Previous version works though!
     

    Attached Files:

    • PT.png
      PT.png
      File size:
      22.2 KB
      Views:
      42
  8. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    That's the same hash as mine, perhaps the developer introduced a compatibility bug with XP SP2 in the newer version.
     
  9. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,893
    I went to the host, for the download....Lo and behold, Emsisoft, blocked access. Not, to worry, I got the download, after creating a rule in EAM. ScreenShot_EAM_Blocks access_to website_01.gif
     
  10. controler

    controler Guest

    I have no idea wut this part of win 8.1 does but am wondering if it would help running this exe?
    Oh this site wont let me upload my PNG file ..
     

    Attached Files:

  11. controler

    controler Guest

    When I run the drive test it shows a bunch of infected SYS files. Run in compatibility mode. As an example all but one of my SYS files beginning with a W are infected.
     
  12. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ controler

    I don't know why you should need to run it in compatibility mode ? Maybe that's why it's showing all those files as infected. I'm sure the're not, as i expect you are.

     
  13. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    Perhaps a compatibility issue with Win 8.1 Update 1?
     
  14. controler

    controler Guest

    until more people give it a try we won't find out much I am afraid. they think there some new form of malware attached to it?
     
  15. controler

    controler Guest

    no it just bothers me Clone this new generation of wilders members and all they think they know. I became a great grandpa this month!!!! I am pretty proud of that.
     
  16. clubhouse1

    clubhouse1 Registered Member

    Joined:
    Sep 26, 2013
    Posts:
    536
    Location:
    UK
    Had a look at this, clearly an experts tool...Not a I think I know my stuff type of tool....Certainly not for me :)
     
  17. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Well congrats to you & yours
     
  18. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
    I just use PowerTools, now 4.5 version, simply I'm not sure to trust this downloading site.
     
  19. controler

    controler Guest

    blacknight

    Why don't you think we can trust the site? Did one of your software alert you?
     
  20. blacknight

    blacknight Registered Member

    Joined:
    Sep 25, 2007
    Posts:
    2,434
    Location:
    Europe
    When I click, for example, to pass to Home page, it opens links to other sites as " the pirate trade.com " or others: a bit strange for a security site.
     
Loading...
Thread Status:
Not open for further replies.