PCHunter (XueTr) anti-rootkit new version
<blockquote data-quote="Prorootect" data-source="post: 102206" data-attributes="member: 905"><p>.</p><p><strong><span style="font-size: 15px">PCHunter (XueTr) anti-rootkit</span> & antivirus on-demand 32 / 64 bit free new version</strong> - topic ..</p><p> </p><p>------------------------------------------------------------------</p><p><strong>NEW VERSION</strong> now is PCHunter Free <strong>version V1.0.0.4 - V1.35 : October 22, 2014 Build.</strong></p><p>- I downloaded from linxer's website, download link on his site is called:</p><p> </p><p>The standard version October 22, 2014 release V1.35 version. </p><p>Standard version Download: local download (md5: 1D171FB3576A08DF32DD8CBF90004BA1) </p><p>Where PCHunter32.exe is 32 version, PCHunter64.exe are 64 versions.</p><p> </p><p>Kernel Module tab slowdown, starts for a very long time (of some seconds) .. so I stick with v1.2.</p><p> </p><p>I unnotched: Auto Check Updates.</p><p> </p><p>Readme - Changelog:</p><p>*Fixed a bug in x86 Win8.1 system.</p><p> </p><p>- Transfer rate (download) is much better by the linxer's website, than by epoolsoft website .. then ..</p><p> </p><p>You have in the folder these two executables: PCHunter32.exe for 32-bit version, and PCHunter64.exe for the 64-bit version.</p><p> </p><p>In v1.31 version, on 'Ring0 Hooks' tab, you have the new tab called: I8042prt</p><p>Computer Examination tab changed its name to: Examination.</p><p>Load of the 'Kernel Module' tab is still slow, compared to version 1.2. Other tabs load quickly.</p><p> </p><p><u>Changelog from readme</u>:</p><p> </p><p>2013-10-06 V1.3:</p><p>*Support Win8.1</p><p> </p><p>2013-03-22 V1.2:</p><p>*Added ClassInitData enumeration feature</p><p>*Fixed several bugs.</p><p> </p><p>2013-02-28 V1.1:</p><p>*Added Sfilter enumeration feature</p><p>*Added FltMgr Filter enumeration feature</p><p>*Fixed several bugs.</p><p> </p><p>In the <strong>'Other'</strong> tab, I see the New 'User Name' tab very interesting .. 
all user name accounts in the computer! With the possibility to delete an account (with right click), perfect, thanks to the developer!</p><p> </p><p>In the <strong>'Setting'</strong> tab, the 'Manual Antivirus' section has changed its name to 'Temporary configuration', so we always have the manual antivirus cases to notch and stay safe on this Wild Wild Web!</p><p>And Self protection cases are already enabled, like in the precedent version, perfect.</p><p> </p><p>.. and <strong>the GUI is much bigger</strong> than in the XueTr version.</p><p> </p><p>We look forward to the next Free versions ..</p><p> </p><p>------------------------------------------------------------------</p><p><strong>New link to PCHunter download</strong> - parallel to linxer's home website, called epoolsoft.com, by Discuz!, in Google English translation, topic here: <a href="http://translate.google.bs/translate?hl=en&ie=UTF8&u=http://bbs.epoolsoft.com/forum.php%3Fmod%3Dviewthread%26tid%3D36%26extra%3Dpage%253D1" target="_blank">http://translate.google.bs/translate?hl=en&ie=UTF8&u=http://bbs.epoolsoft.com/forum.php?mod=viewthread&tid=36&extra=page%3D1</a></p><p> </p><p>Download link in the epoolsoft.com first topic's post: click on <u><strong>Local Download</strong></u> button, and you have epoolsoft.com <strong>PCHunter_free.zip</strong> - 6.52 MB only!</p><p> </p><p>------------------</p><p><strong>New links to PCHunter download</strong> - for the newest version (v1.0.0.3 2013-12-10 Build) too <strong>on MajorGeeks.com website</strong>: <a href="http://www.majorgeeks.com/files/details/pc_hunter.html" target="_blank">http://www.majorgeeks.com/files/details/pc_hunter.html</a></p><p> </p><p> </p><p>2013-01-22 V1.0 : <span style="font-size: 15px"><strong>Download link</strong></span> from XueTr (renamed PCHunter now) author linxer Home website : <strong>The PC Hunter V1.0 released, support Win8 and 64-bit systems (re-development on the basis of the original XueTr from)</strong> (Google 
English translation) : <a href="http://translate.googleusercontent.com/translate_c?depth=1&hl=fr&rurl=translate.google.com&sl=zh-CN&tl=en&u=http://www.xuetr.com/" target="_blank">http://translate.googleusercontent.com/translate_c?depth=1&hl=fr&rurl=translate.google.com&sl=zh-CN&tl=en&u=http://www.xuetr.com/</a></p><p><span style="font-size: 15px"><span style="color: #0000cd">- I downloaded this first PCHunter 1.0 version from the <strong>Download Address 2: Local Download</strong> (md5: EEC83714D20705ED6C04D279AC7111A2) - NO problems, very nice & easy, look like XueTr on bigger.</span></span></p><p><em>GUI window is bigger than XueTr GUI. Better visibility, the tabs / fonts are larger. Blue icon, same as it ever was XueTr icon.</em></p><p><em>Self protection (of SSDT and Shadow SSDT) is enabled already. </em></p><p><em>In Kernel tab: Hal Callback (hey, it's NOT Hal 9000 callback ..) and System Debug buttons are added. </em></p><p><em>In Network tab, Ndis Handler button is added. </em></p><p><em>In Startup tab, you have Startup, Services, and Schedule Task buttons. </em></p><p><em>Random GUI name, longer (so more secure) than in XueTr. </em></p><p><em>In <strong>PCHunter _free</strong> folder - I see the executables for Windows 32 bit and 64 bit versions: <strong>PCHunter32.exe</strong> - and <strong>PCHunter64.exe</strong> .</em></p><p><em>Because of my Windows 32 bit, I deleted the other version of executable, and Chinese file too .. </em></p><p> </p><p> </p><p>From readme ( released <strong>2013-01-22 V1.0</strong> ):</p><p> </p><p><strong>PCHunter anti-rootkit</strong> is a free and handy toolkit for Windows with various powerful features for kernel structure viewing and manipulation. 
It offers you the ability with the highest privileges to detect, analyze and restore various kernel modifications and gives you a wide scope of the kernel.</p><p><strong><u>With its assistance, you can easily spot and neutralize malwares hidden from normal detectors.</u></strong></p><p> </p><p>PCHunter currently supports the following Windows versions:</p><p> </p><p>Windows 2000 SP4 (32-bit only)</p><p>Windows XP (32-bit only)</p><p>Windows Server 2003 (32-bit only)</p><p>Windows Vista (32-bit only)</p><p>Windows Server 2008 (32-bit only)</p><p>Windows 7 ( 32 / <strong>64</strong> )</p><p>Windows 8 (32 / <strong>64</strong> )</p><p> </p><p>Currently, the following features are available:</p><p> </p><p>* Process Manager</p><p>View system process and thread basic information.</p><p><u>Detect hidden processes, threads, process modules.</u></p><p><u>Terminate, suspend and resume processes and threads.</u></p><p>View and manipulate process handles, windows and memory regions.</p><p> </p><p>* Kernel Module Viewer</p><p>Display kernel module information including ImageBase, Size, Driver Object, ImagePath, ServiceName and Load Order.</p><p>Detect hidden kernel modules.</p><p>Unload kernel module (dangerous).</p><p>Dump kernel image memory.</p><p>Display and delete system driver service information.</p><p> </p><p>* Hook Detector</p><p>View and restore SSDT, Shadow SSDT, Sysenter and int2e hooks.</p><p>View and restore FSD and keyboard dispatch hooks.</p><p>View and restore kernel code hooks including kernel inline hooks, patches, IAT and EAT hooks.</p><p>View and restore usermode process hooks including inline hooks, patches, IAT and EAT hooks.</p><p>View and restore message hooks (both global and local).</p><p>View and restore kernel ObjectType hooks.</p><p>Display Interrupt Descriptor Table (IDT).</p><p> </p><p>* System Callback Viewer</p><p>Display and remove Kernel Notifications ( Process / Thread / Image / Registry / Lego / Shutdown / Bugcheck / FileSystem / Logon 
).</p><p> </p><p>* Network Viewer</p><p>Display current network connections, including the local and remote addresses and state of TCP connections.</p><p>View and delete IE plugins and context menu.</p><p>View and restore tcpip dispatch hooks.</p><p>Display winsock providers (SPI).</p><p>View and edit hosts file.</p><p> </p><p>* Filter Viewer</p><p>View and remove filters for common devices including disk, volume, keyboard and network devices.</p><p> </p><p>* Registry Viewer</p><p>View and edit system registry.</p><p>Detect hidden registry entries using live registry hive analysis.</p><p> </p><p>* File Explorer</p><p>Detect hidden files using both disk analysis and driver methods.</p><p>View and delete locked files and folders.</p><p>View file basic information including NTFS Alternate Data Streams.</p><p> </p><p>* Autorun Manager</p><p>Display and delete common autorun entries.</p><p> </p><p>* Service Manager</p><p>Display Win32 service information <u>(for Ring0 modules, it is included in Kernel Module Viewer).</u></p><p>Change service status and configuration.</p><p> </p><p>* DPC Timer</p><p>Enumerate and delete DPC Timer objects.</p><p> </p><p>* Miscellaneous</p><p>View and repair common filetype associations.</p><p>View and repair image hijacks.</p><p>Scan MBR (for MBR rootkit), Backup MBR, Reset MBR, Backup Boot Sector, Reset Boot Sector buttons.</p><p> </p><p>* Settings</p><p>Option to defense from process creation, thread creation, module load and message hook installation.</p><p>Option to defense from file creation, registry key creation.</p><p>Option to prevent system suspend, log-off, shutdown and reboot.</p><p>Option to prevent locking workstation and switching desktop.</p><p>Option to prevent setting system time.</p><p> </p><p><span style="font-size: 15px"><strong>Color codes:</strong></span></p><p> </p><p>1.suspicious object, hidden services, processes, hook function ----> <span style="color: #ff0000">Red</span></p><p>2.file Microsoft ----> 
Black</p><p>3.file manufacturers of non-Microsoft ----> <span style="color: #0000cd">Blue</span></p><p>4.no signature validation ---> Pink</p><p>5.Processes tab, when search for 'Find Unsigned Module', the unsigned module non-Microsoft ----> Khaki</p><p> </p><p> </p><p>Warning: Use it at your own risk. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY.</p><p>Disclaimer: This is just a free supporting software, if you use the software, giving you direct or indirect losses, damages, the Company shall not be responsible for. From the moment you use the software, you will be deemed to have accepted this disclaimer.</p><p> </p><p> </p><p>Check the latest version number on bbs.epoolsoft.com (in Chinese) : <a href="http://bbs.epoolsoft.com/forum.php?mod=viewthread&tid=36&extra=page%3D1" target="_blank">http://bbs.epoolsoft.com/forum.php?mod=viewthread&tid=36&extra=page=1</a></p><p> </p><p>Indispensable I think, free on-demand software ..</p></blockquote><p></p>