Tigzy

From Adlice
Verified
Developer
Hello Elpibe,
This same problem (adlice.com website failed to load too) I have on my other Chromium forks: my Opera 36.0, Iron Version 49.0.2600.0, and Slimjet Version 10.0.13.0 based on Chromium 50.0.2661.75.

No problem on Firefox forks: Firefox 52.7.0, Nightly (Basilisk), New Moon, SeaMonkey 2.49.2.

To widen the audience of website softwares, it would be nice to get rid of this problem...
Hey what's your OS? Looks like an old seven without SP1.
 

Tigzy

From Adlice
Verified
Developer
Ok yeah my colleague tells me this version of SNI isn't supported on old XP and Seven versions.
EDIT: Some browsers (including Chrome/ium) are using system (buggy and outdated) DLLs for it, and thus aren't able to deal with new TLS protocols.
 

Prorootect

Level 53
Verified
Ok yeah my colleague tells me this version of SNI isn't supported on old XP and Seven versions.
EDIT: Some browsers (including Chrome/ium) are using system (buggy and outdated) DLLs for it, and thus aren't able to deal with new TLS protocols.
Thank you, system DLLs are responsible for the trouble
 

Mops21

Level 27
Verified
Trusted
Content Creator
Hi @Tigzy

I have some questions about this:

1. When will you release it? You have posted it, right?

2. For which persons is this program? Can a normal/home user use this?

3. Is any info available for the multilanguage version?

With best Regards
Mops21
 

Tigzy

From Adlice
Verified
Developer
Hey sorry I thought I would be notified
1. It's not released yet, we hope in a few months.
2. The desktop client will be for anyone, it's like HJT, or OTL. Everyone can use it, either alone or from a helper recommendation. The server-side will be allowed to helpers only.
3. Desktop or Web? Desktop will be translated, just like any other of our software; Web version will most likely be in English and maybe in French, depending on the technical limitations.
 

Tigzy

From Adlice
Verified
Developer
Hey, yes we are aware of that memory issue, it's in the roadmap for version 1. But thanks :)

Here's an example of uploaded report (infectious, test machine), it's much easier to read than the usual .txt

Adlice Diag
 

cruelsister

Level 36
Verified
Trusted
Content Creator
Tigzy- For a beta, pretty nice job. I mean no criticism, but just wanted to share a quick and dirty run I did with your product:

A peppy scan considering what it does. Did very well (better than MB and HMP) against persistent worms. Although some of the initial vectors are left in place, autostart functionality is prohibited and these can be deleted manually without issue.

But going forward, please check out the persistent mechanisms from things like Tofsee and Emotet botnets. Although initial detection is nice, eradication of persistence is better. Also, check out stuff like PowerLurk and/or WMI Ghost (Namespace root\subscription isn't always enough); and a dll dropping RAT like Glass could also stand a review.
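
The remark above that root\subscription is not always enough, as an added example that is not part of the original post and is not Adlice Diag's code: a read-only PowerShell listing of WMI event filters, consumers and bindings in every namespace. The function names `Get-WmiNamespace` and `Get-WmiSubscription` are hypothetical.

```powershell
# Added example, not Adlice Diag code. Read-only: lists WMI permanent event
# subscriptions in every namespace, not only root\subscription.
# Run from an elevated prompt; namespaces that deny access are skipped silently.

function Get-WmiNamespace {
    param([string]$Namespace = 'root')
    $Namespace
    # __NAMESPACE instances are the child namespaces of the current one.
    Get-CimInstance -Namespace $Namespace -ClassName __NAMESPACE -ErrorAction SilentlyContinue |
        ForEach-Object { Get-WmiNamespace -Namespace "$Namespace\$($_.Name)" }
}

function Get-WmiSubscription {
    foreach ($ns in Get-WmiNamespace) {
        foreach ($class in '__EventFilter', '__EventConsumer', '__FilterToConsumerBinding') {
            # Querying the abstract __EventConsumer class also returns its subclasses
            # (CommandLineEventConsumer, ActiveScriptEventConsumer, ...).
            $items = Get-CimInstance -Namespace $ns -ClassName $class -ErrorAction SilentlyContinue
            foreach ($item in $items) {
                $detail = switch ($class) {
                    '__EventFilter' { $item.Query }
                    '__EventConsumer' {
                        # Only the properties that exist on this consumer type are non-null.
                        (@($item.CommandLineTemplate, $item.ExecutablePath,
                           $item.ScriptFileName, $item.ScriptText) -ne $null) -join ' | '
                    }
                    '__FilterToConsumerBinding' { "$($item.Filter) -> $($item.Consumer)" }
                }
                [pscustomobject]@{
                    Namespace = $ns
                    Kind      = $class
                    Class     = $item.CimClass.CimClassName
                    Name      = $item.Name
                    Detail    = $detail
                }
            }
        }
    }
}

Get-WmiSubscription | Sort-Object Namespace, Kind | Format-Table -AutoSize -Wrap
```

Any row whose Namespace is not root\subscription, or whose consumer Detail shows a command line or script, is worth reviewing against what is expected on that machine.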
 

Tigzy

From Adlice
Verified
Developer
@cruelsister thanks for the advice :) If you have ready to read links please let me know, otherwise no problem I'll search :)
Is it missing persistence locations, that's what you say? Do you have pointers for me? (registry keys? WMI namespace?)
 

Tigzy

From Adlice
Verified
Developer
No problem, the aim is really to make it powerful enough to get rid of anything malicious. Good criticism is good :)
 

cruelsister

Level 36
Verified
Trusted
Content Creator
T- you'll notice that I included a Java Banker (spawns to skype.exe in Roaming). Your product will detect and eradicate it. But for giggles, run either (or both) Malwarebytes and HitManPro on a system infected with it- nary a peep. So right out of the box (with the initial Beta), Diag is superior in certain aspects to some established well regarded products (You should be Proud).

One other thing- You'll notice that the Emotet will spawn a sister- fondueprxy.exe. Although Diag will indeed detect it, as it will create a Service it will restart with Windows as the persistence routine will remain in place. It's a credential stealer and is Smart Card aware. It will collect and pulse out this info to a whole host of unsavory places (and people still say WF is enough. Sigh...).
 

ticklemefeet

Level 22
Verified
Hi
Just trying to feel my way through Diag. Ran a scan a bit ago and I am not sure but it appears not all exe's are sent to Virus Total? Diag seemed to flag an indexing file. It appears to be a child or spawn, not how Diag is showing its trees yet.
See screen shot. Oh ya some desktop JPG's seemed flagged also but not included in screen shot. Also it appears the Dashboard and System tab basically show same thing.
ScreenHunter_114 Jun. 09 09.54.jpg