Specialized Tools and Resources


This page is dedicated to specialized tools and resources that are useful for various malware-fighting and security tasks. Most of these tools are not geared towards malware researchers but towards users who need to remove specific, hard-to-remove parasites. The complete 2-viruses resource directory is available here.

Anti-Rootkit tools

Anti-Rootkit tools are specialized programs that detect and remove rootkits. Although a "perfect" rootkit cannot be detected (in theory), since it hides its own processes and files, most rootkits can be detected and removed by one program or another. Some antiviruses offer rootkit detection as well.

Rootkit Revealer Free Rootkit Revealer is a utility made by Sysinternals, which was later acquired by Microsoft. It is a classic rootkit detection utility; however, it works on 32-bit Windows systems only.
Gmer Free Gmer is an advanced rootkit detection and removal utility. Although you can download a zip, it also offers an executable download with a randomized name, which is harder for rootkits to block.
TDSS Killer Free TDSS Killer, developed by Kaspersky Lab, targets a specific rootkit known as Tidserv, TDSServ or Alureon. This rootkit is quite widespread, as it causes browser redirection to infected websites. Note: Not all browser redirection is caused by rootkits; for other causes check our redirection guide here.
Sophos Anti-Rootkit Free anti-rootkit
Avira AntiRootkit Tool Free anti-rootkit
Rootkit Buster Free anti-rootkit
F-Secure BlackLight Free anti-rootkit
McAfee Rootkit Detective Beta anti-rootkit
Panda Anti-Rootkit Free anti-rootkit
RootRepeal Beta anti-rootkit
Vba32 AntiRootkit Free anti-rootkit

Firewalls

Comodo Comodo Firewall is one of the most widely used free firewalls around. It is efficient, reliable and hard to beat for the price.
Zone Alarm ZoneAlarm by Check Point is another very popular free firewall.
Online Armor Online Armor is another good firewall with a free version available. Paid versions provide anti-phishing filters, a web shield and virus/malware protection.
PCTools Firewall Plus A powerful firewall solution by PCTools, free of charge.
Lavasoft Personal Firewall A powerful firewall solution
Outpost Firewall Pro A powerful firewall solution
Norman Personal Firewall A powerful firewall solution
Ashampoo FireWall Free
Jetico Personal Firewall A powerful firewall solution

Junkware / Browser cleaners

These tools detect and remove unnecessary toolbars and other programs from your browser. They are useful in cases of browser hijacking, as long as no other malware is present.

Adwcleaner Adwcleaner is one of the most widely used stand-alone browser extension cleaners. It is a free program developed by Xplode.
Junkware removal tool Junkware Removal Tool is a bloatware cleaner made by Thisisu. I faced some problems running it on Windows 8, though it should work perfectly on other versions.

Security Toolbars and browser extensions

Browser extensions try to make the browser a bit more secure by automatically scanning websites or checking them against databases of infected websites. In many cases this functionality is similar to that provided by Internet Security Suites; however, browser extensions are usually free.

Online file scanners

Online file scanners provide a way to check whether a file is infected or not. The scanners either check it against one or multiple antivirus engines, or unpack it and analyse what the file does (behavioral analysis).

VirusTotal 42 Engines VirusTotal provides one of the most in-depth file scanning services, as it scans each file with 42 detection engines, including the most popular antivirus and antimalware choices. Although the definitions may sometimes be a day old, this is a very useful website for checking whether a download is infected. It accepts files up to 20 MB in size.
Virscan.org 36 Engines Virscan scans files up to 20 MB against 36 antiviruses. The definition update process might be a bit slower than with VirusTotal, but that is my own impression.
Novirusthanks 24 Engines NoVirusThanks offers scanning with 24 antivirus engines. The maximum upload size is 20 MB. It also offers a basic website scan for iframes.
Jotti 19 Engines Jotti scans each file with 19 Linux-based antivirus programs and submits infected files to antivirus companies.
Filterbit 10 Engines Filterbit scans files with 10 antivirus engines. What makes this service different is that it is a demo version of Metascan, an SDK for building your own on-demand multi-engine antivirus scanners.
Anubis Behavioral Anubis performs behavioral analysis of Windows executables, that is, it provides information about what the submitted program does. This service is useful for determining whether an executable performs strange, possibly malicious operations or something it should not do. The results show which registry keys and files the program tries to access, which files are created or accessed, and what devices the application tries to use. The results are provided on-the-fly.
Sunbelt Behavioral Sunbelt Sandbox provides behavioral analysis for executable samples. You will have to provide a working email address to receive the results.
ThreatExpert Behavioral ThreatExpert provides behavioral analysis for files up to 5 MB. The size limitation is the biggest drawback of this service, as many of the other analyzers accept bigger files.
Camas Behavioral Comodo Instant Malware Analyzer provides web-based results for submitted file samples. Although at first it shows only basic file information such as the MD5 sum, after a minute or so you will get a full report. The service is faster than Anubis.
Xandora Behavioral Xandora was created by Panda Labs. It scans binary files or archives and supports password-protected Zip archives, so that samples can be uploaded without being caught by the antivirus engine on the researcher's PC.
Joebox Behavioral Joebox lets you choose which OS the infected binary will be run on and how it will be run. It also allows some additional control over how the binaries are tested. Archives are supported.

Websites scanners and blacklists

IPVoid.com IPVoid checks an IP address against multiple blacklists. It will find out whether the IP address has already been detected for spamming or malware distribution.
URLVoid A URL meta-scan engine. It scans several blacklist databases for a URL.
Google Safebrowsing Google site check. Provides information about a URL and its IP address, together with information about malware detected on the particular website.
Wepawet A tool for analyzing PDF, Flash or JavaScript samples for malicious actions.
PhishTank PhishTank

Update 06/21/2012: TDSS Remover link removed; it no longer works.

24 August , 2010 15:35

3 thoughts on “Specialized Tools and Resources”

  1. Pingback: ZeroAccess Rootkit - how to remove

  2. AntiVirus Support

     Norton Power Eraser deserves mention here as it's been found helpful against many rootkits

  3. David

     Gmer and TDSS Remover links are dead
