Tigzy

From Adlice
Verified
Developer
Hey malware hunters and fellow helpers :)

Today I come to present to you a new tool that will come out soon.
It's currently being actively developed, and I wanted to have a discussion with you regarding the features because we don't want to build yet-another-diagnostic-tool (of course).

Adlice Diag is built on top of the new RogueKiller SDK (the one not released yet!).
It's able to:

- Make a hardware scan (processor count + brand, RAM amount / usage, disk usage, etc.)
- Make a diagnostic scan with the classic RogueKiller modules: Processes, Services, Tasks, Files, Browser extensions, MBR, Antirootkit.

During this scan, unlike RogueKiller, EVERY SINGLE object is reported, and this is the big difference with the Anti-malware.
All objects are reported into different tabs, a bit like in Autoruns.

- All the objects are scanned with the RogueKiller engine, with online signatures (just like an Anti-malware, it downloads the signatures locally and uses them for the scan). Detected items are marked with different colours and pre-checked by default.



- At the end of the scan, a report can be generated. This is another big new feature in this field: the report can be uploaded to our server and the OP is given a permalink (this is purely optional, the report can also be checked out locally). When the OP chooses to upload the report, it's a lot easier for him to just give the permalink back to the helper. We'll decide based on your feedback if privacy is important here (password on report?).

- When the helper clicks the link, it opens the report page on our website. Report is colored and has a nice checkbox-based view, all he needs to do is adjust the items to remove with checkboxes, and generate a removal script (our website handles the removal workflow).

- Meanwhile, the OP is notified a removal script is available (same here, privacy is important so we'll figure out how to make sure the removal scripts are securely signed) and chooses to apply it. At the end, a removal report can be generated the same way but this time the helper can get it directly into the workflow on our website to verify everything went OK.

Thoughts? We planned to maybe extend the website a lot so that all helpers can register and keep track of all their current malware removal status.
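
The signing requirement for removal scripts mentioned in the post above, sketched as an added example (not Adlice's code or design, which the post leaves open). It assumes Ed25519 signatures, a hypothetical `RemovalScript` envelope, and a constructed report ID; the signature covers the report ID as well as the script body, so a script generated for one report cannot be replayed against another machine.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

// RemovalScript is a hypothetical envelope: script body, source report ID, signature.
type RemovalScript struct {
	ReportID  string
	Body, Sig []byte
}

// signedBytes hashes a version tag, the length-prefixed report ID and the body,
// so the ID and the body cannot be shifted into one another.
func signedBytes(reportID string, body []byte) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "removal-script-v1\n%d:%s\n", len(reportID), reportID)
	h.Write(body)
	return h.Sum(nil)
}

// Sign runs on the server that generates the script from the helper's selection.
func Sign(priv ed25519.PrivateKey, reportID string, body []byte) RemovalScript {
	return RemovalScript{reportID, body, ed25519.Sign(priv, signedBytes(reportID, body))}
}

// Verify runs on the scanned machine, with a pinned public key, before any removal.
func Verify(pub ed25519.PublicKey, localReportID string, s RemovalScript) error {
	if s.ReportID != localReportID {
		return errors.New("script was generated for a different report")
	}
	if !ed25519.Verify(pub, signedBytes(s.ReportID, s.Body), s.Sig) {
		return errors.New("signature check failed")
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(nil) // constructed demo key pair
	if err != nil {
		panic(err)
	}
	s := Sign(priv, "report-1234", []byte("remove task: ExampleTask\n")) // constructed sample
	fmt.Println("valid:", Verify(pub, "report-1234", s), "| other report:", Verify(pub, "report-9999", s))
	s.Body = append(s.Body, "remove file: extra\n"...)
	fmt.Println("tampered:", Verify(pub, "report-1234", s))
}
```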
 

Tigzy

From Adlice
Verified
Developer
> To clarify, Adlice Diag would complement something like FRST or Hijack This or replace it? Could a regular user deploy this tool in a meaningful way or is it for forensic use only?

It would replace it. It's not rocket science to list all the things installed/registered on a machine. The hard thing is really to determine whether those things are malicious or not. The tool will do both, and when failing to do the classification the helper will be able to know it and to mitigate it with the tool.

> Possible ETA?

2nd quarter (by the end) at best, 3rd most probable.
 

Tigzy

From Adlice
Verified
Developer
> Could a regular user deploy this tool in a meaningful way or is it for forensic use only?

It will really be the same philosophy as FRST, deploy, fix and remove. It makes no sense to keep it on a machine afterwards.
However it will make sense for Techbenches and technicians to keep it on a network share/USB key, or helpers, so that the infected machines can be cleaned easily and with minimal reports exchange/copy/paste storms.
 

Prorootect

Level 53
Verified
Welcome here to MT, Tigzy!
I wish you the best of success to quickly develop this new tool, which will surely be world famous! Adlice Anti-Malware... AAM maybe?

Your famous website is not supported on my Chrome (Cent browser):
"This site can’t provide a secure connection
www.adlice.com
uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure."

- but on Firefox all is OK:
Adlice Software: adlice.com: Adlice Software - The Best Security Software, for FREE

Very nice and useful website! 3 pages of first class high utility software, many categories to surf... Ah!
 

Elpibe

Level 3
> Welcome here to MT, Tigzy!
> I wish you the best of success to quickly develop this new tool, which will surely be world famous! Adlice Anti-Malware... AAM maybe?

Or maybe AdAM

> Your famous website is not supported on my Chrome (Cent browser):
> "This site can’t provide a secure connection
> www.adlice.com
> uses an unsupported protocol.
> ERR_SSL_VERSION_OR_CIPHER_MISMATCH
> The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure."
>
> - but on Firefox all is OK:
> Adlice Software: adlice.com: Adlice Software - The Best Security Software, for FREE
>
> Very nice and useful website!

It's not Chrome, it's your Cent browser.
 

Prorootect

Level 53
Verified
> Or maybe AdAM
>
> It's not Chrome, it's your Cent browser.

Hello Elpibe,
I have this same problem (the adlice.com website failed to load too) on my other Chromium forks: my Opera 36.0, Iron Version 49.0.2600.0, and Slimjet Version 10.0.13.0 based on Chromium 50.0.2661.75

No problem on Firefox forks: Firefox 52.7.0, Nightly (Basilisk), New Moon, SeaMonkey 2.49.2.

To widen the audience of the website software, it would be nice to get rid of this problem...
 

Elpibe

Level 3
> Hello Elpibe,
> I have this same problem (the adlice.com website failed to load too) on my other Chromium forks: my Opera 36.0, Iron Version 49.0.2600.0, and Slimjet Version 10.0.13.0 based on Chromium 50.0.2661.75
>
> No problem on Firefox forks: Firefox 52.7.0, Nightly (Basilisk), New Moon, SeaMonkey 2.49.2.
>
> To widen the audience of the website software, it would be nice to get rid of this problem...

I tried Slimjet portable and had no problem. It's something with your connection; probably you have to change a config to solve it. I don't see any problem with the web.
 

lowdetection

Level 7
Verified
Currently using RogueKiller portable version, also the commandline one, surely I will look after this new program if also for this there will be a portable version. :)
 