- Mar 15, 2017
- 210
Hey what's your OS? Looks like an old seven without SP1.
Adlice Diag - New Diagnotic Tool with Anti-malware engine
- Thread starter Tigzy
- Start date
- Nov 5, 2011
- 5,855
- Mar 15, 2017
- 210
Ok yeah my colleague tells me this version of SNI isn't supported on old XP and Seven versions.
EDIT: Some browsers (including Chrome/ium) are using system (buggy and outdated) DLLs for it, and thus aren't able to deal with new TLS protocols.
EDIT: Some browsers (including Chrome/ium) are using system (buggy and outdated) DLLs for it, and thus aren't able to deal with new TLS protocols.
- Nov 5, 2011
- 5,855
- Mar 15, 2017
- 210
It means "Server Name Indication", it's a TLS extension
- Mar 15, 2017
- 210
Hey sorry I thought I would be notified
1. It's not released yet, we hope in a few months.
2. The desktop client will be for anyone, it's like HJT, or OTL. Everyone can use it, either alone or from a helper recommendation. The server-side will be allowed to helpers only.
3. Desktop or Web? Desktop will be translated, just like any other of our software; Web version will most likely be in English and maybe in French, depending on the technical limitations.
1. It's not released yet, we hope in a few months.
2. The desktop client will be for anyone, it's like HJT, or OTL. Everyone can use it, either alone or from a helper recommendation. The server-side will be allowed to helpers only.
3. Desktop or Web? Desktop will be translated, just like any other of our software; Web version will most likely be in English and maybe in French, depending on the technical limitations.
- Mar 15, 2017
- 210
Here's very early screenshots of the Web UI:
- Mar 15, 2017
- 210
Another one just to show you the link between desktop and web:
- Mar 15, 2017
- 210
Hey y'all
I just wanted to give you a heads up, Adlice Diag is finally ready and available as a BETA version !
I made an announcement and here's the download page, please for now don't use for malware removal (in clear don't make it use by someone else), and please send some feedback !
Introducing Adlice Diag (Anti-malware Diagnostic) - Adlice Software
Adlice Diag (Anti-malware diagnostic) Free Download - Official Website
I just wanted to give you a heads up, Adlice Diag is finally ready and available as a BETA version !
I made an announcement and here's the download page, please for now don't use for malware removal (in clear don't make it use by someone else), and please send some feedback !
Introducing Adlice Diag (Anti-malware Diagnostic) - Adlice Software
Adlice Diag (Anti-malware diagnostic) Free Download - Official Website
Thanks so much. I am sure plenty will be happy to see this. I am going to try out the 64bit portable version. Did you want us to use this against real malware in a VM?
Just did a scan with portable and the memory seems high. Is this normal?
- Mar 15, 2017
- 210
Hey, yes we are aware of that memory issue, it's in the roadmap for version 1. But thanks 
Here's an example of uploaded report (infectious, test machine), it's much easier to read than the usual .txt
Adlice Diag
Here's an example of uploaded report (infectious, test machine), it's much easier to read than the usual .txt
Adlice Diag
- Apr 13, 2013
- 3,224
Tigzy- For a beta, pretty nice job. I mean no criticism, but just wanted to share a quick and dirty run I did with your product:
A peppy scan considering what it does. Did very well (better than MB and HMP) against persistent worms. Although some of the initial vectors are left in place, autostart functionality is prohibited and these can be deleted manually without issue.
But going forward, please check out the persistent mechanisms from things like Tofsee and Emotet botnets. Although initial detection is nice, eradication of persistence is better. Also, check out stuff like PowerLurk and/or WMI Ghost (Namespace root\subscription isn't always enough); and a dll dropping RAT like Glass could also stand a review.
A peppy scan considering what it does. Did very well (better than MB and HMP) against persistent worms. Although some of the initial vectors are left in place, autostart functionality is prohibited and these can be deleted manually without issue.
But going forward, please check out the persistent mechanisms from things like Tofsee and Emotet botnets. Although initial detection is nice, eradication of persistence is better. Also, check out stuff like PowerLurk and/or WMI Ghost (Namespace root\subscription isn't always enough); and a dll dropping RAT like Glass could also stand a review.
- Mar 15, 2017
- 210
@cruelsister thanks for the advice If you have ready to read links please let me know, otherwise no problem I'll search
Is it missing persistence locations, that's what you say? Do you have pointers for me? (registry keys? WMI namespace?)
If you have ready to read links please let me know, otherwise no problem I'll search Is it missing persistence locations, that's what you say? Do you have pointers for me? (registry keys? WMI namespace?)
- Apr 13, 2013
- 3,224
Hope the PM will assist. And I really like what you are attempting to accomplish, and I hope I'm not being a Bitch...
M
M
- Apr 13, 2013
- 3,224
T- you'll notice that I included a Java Banker (spawns to skype.exe in Roaming). Your product will detect and eradicate it. But for giggles, run either (or both) Malwarebytes and HitManPro on a system infected with it- nary a peep. So right out of the box (with the initial Beta), Diag is superior in certain aspects to some established well regarded products (You should be Proud).
One other thing- You'll notice that the Emotet will spawn a sister- fondueprxy.exe. Although Diag will indeed detect it, as it will create a Service it will restart with Windows as the persistence routine will remain in place. It's a credential stealer and is Smart Card aware. It will collect and pulse out this info to a whole host of unsavory places (and people still say WF is enough. Sigh...).
One other thing- You'll notice that the Emotet will spawn a sister- fondueprxy.exe. Although Diag will indeed detect it, as it will create a Service it will restart with Windows as the persistence routine will remain in place. It's a credential stealer and is Smart Card aware. It will collect and pulse out this info to a whole host of unsavory places (and people still say WF is enough. Sigh...).
Hi
Just trying to feel my way through Diag. Ran a scan a bit ago and I am not sure but it appears not all exe's are sent to Virus Total? Diag seemed to flag an indexing file. It appears to be a child or spawn, not how Diag is showing it's trees yet.
See screen shot. Oh ya some desktop JPG's seemed flagged also but not included in screen shot. Also it appears the Dashboard and System tab basically show same thing.
Just trying to feel my way through Diag. Ran a scan a bit ago and I am not sure but it appears not all exe's are sent to Virus Total? Diag seemed to flag an indexing file. It appears to be a child or spawn, not how Diag is showing it's trees yet.
See screen shot. Oh ya some desktop JPG's seemed flagged also but not included in screen shot. Also it appears the Dashboard and System tab basically show same thing.
Similar threads
