Adlice Diag - New Diagnostic Tool with Anti-malware engine

Tigzy (Adlice, thread author, Developer), Mar 15, 2017
Hey malware hunters and fellow helpers :)

Today I come to present to you a new tool that will come out soon.
It's currently being actively developed and I wanted to have a discussion with you regarding the features, because we don't want to build yet-another-diagnostic-tool (of course).

Adlice Diag is built on top of the new RogueKiller SDK (the one not released yet!).
It's able to:

- Make a hardware scan (processor count + brand, RAM amount / usage, disk usage, etc.)
- Make a diagnostic scan with the classic RogueKiller modules: Processes, Services, Tasks, Files, Browser extensions, MBR, Antirootkit.

During this scan, unlike RogueKiller, EVERY SINGLE object is reported, and this is the big difference with the Anti-malware.
All objects are reported into different tabs, a bit like in Autoruns.

- All the objects are scanned with the RogueKiller engine, with online signatures (just like an Anti-malware, it downloads the signatures locally and uses them for the scan). Detected items are marked with different colours and pre-checked by default.

(Screenshot: diag_1024.jpg)


- At the end of the scan, a report can be generated. This is another big new feature in this field: the report can be uploaded to our server and the OP is given a permalink (this is purely optional; the report can also be checked locally). When the OP chooses to upload the report, it's a lot easier for him to just give the permalink back to the helper. We'll decide based on your feedback if privacy is important here (password on report?).

- When the helper clicks the link, it opens the report page on our website. The report is colored and has a nice checkbox-based view; all he needs to do is adjust the items to remove with checkboxes and generate a removal script (our website handles the removal workflow).

- Meanwhile, the OP is notified that a removal script is available (same here, privacy is important, so we'll figure out how to make sure the removal scripts are securely signed) and chooses to apply it. At the end, a removal report can be generated the same way, but this time the helper can get it directly into the workflow on our website to verify everything went OK.

Thoughts? We planned to maybe extend the website a lot so that all helpers can register and keep track of all their current malware removal status.
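As an added illustration of the "securely signed removal scripts" point in the post above (this is not Adlice's code; the script format, the report id binding and all names are assumptions): the website signs the removal script together with the id of the report it was generated for, and the tool on the OP's machine verifies that signature with an embedded vendor public key before applying anything, refusing both a tampered script and a script issued for a different report.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)
// SignedScript: removal script text, the id of the report it was generated for,
// and a detached Ed25519 signature over both. Hypothetical format, not Adlice's.
type SignedScript struct {
	ReportID string
	Script   string
	Sig      []byte
}

// digest binds the script to its report id under a versioned tag, so a script
// signed for one OP's report cannot be replayed against another report.
func digest(reportID, script string) []byte {
	h := sha256.New()
	h.Write([]byte("adlice-diag-removal-v1\x00" + reportID + "\x00" + script))
	return h.Sum(nil)
}

// Sign runs server-side once the helper has ticked the items to remove.
func Sign(priv ed25519.PrivateKey, reportID, script string) SignedScript {
	return SignedScript{ReportID: reportID, Script: script,
		Sig: ed25519.Sign(priv, digest(reportID, script))}
}

// Verify runs on the OP's machine with the vendor public key compiled in;
// the tool applies the script only if this returns nil.
func Verify(pub ed25519.PublicKey, expectedReport string, s SignedScript) error {
	if s.ReportID != expectedReport {
		return errors.New("script was issued for a different report")
	}
	if !ed25519.Verify(pub, digest(s.ReportID, s.Script), s.Sig) {
		return errors.New("bad signature: script tampered with or not from vendor")
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	s := Sign(priv, "report-0001", "DELETE C:\\example\\bad.exe\n")
	fmt.Println("genuine:", Verify(pub, "report-0001", s))
	s.Script += "DELETE C:\\example\\extra.exe\n" // constructed tampering
	fmt.Println("tampered:", Verify(pub, "report-0001", s))
}
```

In a real deployment the private key stays on the server and only the public key ships inside the tool, so a modified script cannot be re-signed by anyone who intercepts the download.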
 

Tigzy (Adlice, thread author, Developer), Mar 15, 2017
To clarify, Adlice Diag would complement something like FRST or Hijack This or replace it? Could a regular user deploy this tool in a meaningful way or is it for forensic use only?
It would replace it. It's not rocket science to list all the things installed/registered on a machine. The hard thing is really to determine whether those things are malicious or not. The tool will do both, and when it fails to do the classification the helper will be able to know it and to mitigate it with the tool.

Possible ETA?
2nd quarter (by the end) at best, 3rd most probable.
 

Tigzy (Adlice, thread author, Developer), Mar 15, 2017
Could a regular user deploy this tool in a meaningful way or is it for forensic use only?
It will really be the same philosophy as FRST: deploy, fix and remove. It makes no sense to keep it on a machine afterwards.
However, it will make sense for tech benches and technicians, or helpers, to keep it on a network share/USB key, so that infected machines can be cleaned easily and with minimal report exchange/copy/paste storms.
 

Prorootect, Nov 5, 2011
Welcome here to MT, Tigzy!
I wish you the best of success to quickly develop this new tool, which will surely be world famous! Adlice Anti-Malware... AAM maybe?

Your famous website is not supported on my Chrome (Cent browser):
"This site can’t provide a secure connection
www.adlice.com
uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure."

- but on Firefox all is OK.:
Adlice Software: adlice.com: Adlice Software - The Best Security Software, for FREE

Very nice and useful website! 3 pages of first-class, high-utility software, many categories to surf... Ah!
 

Elpibe, Sep 26, 2015
Welcome here to MT, Tigzy!
I wish you the best of success to quickly develop this new tool, which will surely be world famous! Adlice Anti-Malware... AAM maybe?
Or maybe AdAM

Your famous website is not supported on my Chrome (Cent browser):
"This site can’t provide a secure connection
www.adlice.com
uses an unsupported protocol.
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
The client and server don't support a common SSL protocol version or cipher suite. This is likely to be caused when the server needs RC4, which is no longer considered secure."

- but on Firefox all is OK.:
Adlice Software: adlice.com: Adlice Software - The Best Security Software, for FREE

Very nice and useful website!
It's not Chrome, it's your Cent browser.
 

Prorootect, Nov 5, 2011
Or maybe AdAM


It's not Chrome, it's your Cent browser.
Hello Elpibe,
This same problem (adlice.com website failed to load too) I have on my other Chromium forks: my Opera 36.0, Iron Version 49.0.2600.0, and Slimjet Version 10.0.13.0 based on Chromium 50.0.2661.75

No problem on Firefox forks: Firefox 52.7.0, Nightly (Basilisk), New Moon, SeaMonkey 2.49.2.

To widen the audience of the website's software, it would be nice to get rid of this problem...
 

Elpibe, Sep 26, 2015
Hello Elpibe,
This same problem (adlice.com website failed to load too) I have on my other Chromium forks: my Opera 36.0, Iron Version 49.0.2600.0, and Slimjet Version 10.0.13.0 based on Chromium 50.0.2661.75

No problem on Firefox forks: Firefox 52.7.0, Nightly (Basilisk), New Moon, SeaMonkey 2.49.2.

To widen the audience of the website's software, it would be nice to get rid of this problem...

I tried Slimjet portable and had no problem. It's something with your connection; probably you have to change a config to solve it. I don't see any problem with the web.
 

lowdetection, Jul 1, 2017
I'm currently using the RogueKiller portable version, and also the command-line one; I will surely look into this new program if there is also a portable version of it. :)
 