Hiya!
Vba32 AntiRootkit 3.12.5.3 beta build 222:
Download link:
http://anti-virus.by/en/beta.shtml
Change list:
+ Listing filesystem minifilters
+ Operations on filesystem minifilters ( Unload, Unregister )
FileSystem Minifilters window (and table in the report) has been added. User can find there information about filesystem drivers-minifilters. Also there are available two operations:
Unload and
Unregister. These operations are used to unload minifilter from memory. But
Unregister is less safety and can cause to BSOD.
+ Listing kernel devices ( Kernel Device Stack )
Kernel Device Stack window (and table in the report) has been added. The window displays kernel device stacks. Because of this user can analyze what kind of stack malware uses.
devices.png (59.48 KiB) Viewed 686 times
There are no any operations with objects in Kernel Device Stack yet. It's planned on the future.
+ View/delete for FsRtlRegisterFileSystemFilterCallbacks notificators
It can be helpful.
+ Detection of DriverInit, DriverStartIo, DriverUnload hooks
It can be useful to detect some versions of TDL.
+ Detection and restoration of hooks in Object Functions ( ObjectType hooks )
+ Object type hijack detection for drivers and devices
Not very widespread type of hooking (in view of complexity) but looks like malware and some sort of security software use them.
+ Operation with opened handles ( CloseHandle )
Very useful function! It's available from the
Process Manager window inside the
Handles tab.
+ Terminating status in the time of Process Manager closing
Closing of the
Process Manager window looks more clearly now.
* Fixed nonworking checkboxes in html-report ( in FireFox )
Sorry for FF users because we haven't supported you for 1.5 monthes. But now it's fixed.
* Focus from "YES" button was moved to "NO" button in the dedicated desktop request message
As I wrote early the antirootkit had some problems in the dedicated desktop mode. We have removed this mode by default. In the future, of course, the problem will be solved more radical way.
* Fixed GUI crash on infected with Trojan.Win32.VBKrypt machines
* Overall work robustness of antirootkit was improved
We have spent most of our developing time to increase stability of the application. We have fixed most known bugs that lead to BSODs or hangs.
Special thanks to
STRELiTZIA for bug with Trojan.Win32.VBKrypt.
* Help in Russian was improved
Remind you our e-mail:
arkit@anti-virus.by.
And thanks to everybody who sent us feature requests, errors and dumps. Your attention is very important to us!