Adlice Diag - New Diagnostic Tool with Anti-malware engine

Tigzy

From Adlice
Thread author
Verified
Developer
Well-known
Mar 15, 2017
210
> Hello Elpibe,
> I have this same problem (adlice.com website failed to load too) on my other Chromium forks: my Opera 36.0, Iron Version 49.0.2600.0, and Slimjet Version 10.0.13.0 based on Chromium 50.0.2661.75
>
> No problem on Firefox forks: Firefox 52.7.0, Nightly (Basilisk), New Moon, SeaMonkey 2.49.2.
>
> To widen the audience of website software, it would be nice to get rid of this problem...
Hey what's your OS? Looks like an old seven without SP1.
 

Tigzy

Ok yeah my colleague tells me this version of SNI isn't supported on old XP and Seven versions.
EDIT: Some browsers (including Chrome/ium) are using system (buggy and outdated) DLLs for it, and thus aren't able to deal with new TLS protocols.
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
> Ok yeah my colleague tells me this version of SNI isn't supported on old XP and Seven versions.
> EDIT: Some browsers (including Chrome/ium) are using system (buggy and outdated) DLLs for it, and thus aren't able to deal with new TLS protocols.

Thank you, system DLLs are responsible for the trouble.
 

Mops21

Level 34
Verified
Honorary Member
Content Creator
Oct 25, 2014
2,351
Hi @Tigzy

I have some questions about this

1. When will you release it? You have posted it right

2. Who is this program for? Can a normal/home user use it?

3. Is any info available for the multilanguage version?

With best Regards
Mops21
 

Tigzy

Hey sorry I thought I would be notified
1. It's not released yet, we hope in a few months.
2. The desktop client will be for anyone, it's like HJT, or OTL. Everyone can use it, either alone or from a helper recommendation. The server-side will be allowed to helpers only.
3. Desktop or Web? Desktop will be translated, just like any other of our software; Web version will most likely be in English and maybe in French, depending on the technical limitations.
 

Tigzy

Here are very early screenshots of the Web UI:

1522943669428.png


1522943715796.png
 

Tigzy

Hey, yes we are aware of that memory issue, it's in the roadmap for version 1. But thanks :)

Here's an example of uploaded report (infectious, test machine), it's much easier to read than the usual .txt

Adlice Diag
 

cruelsister

Level 42
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
Tigzy- For a beta, pretty nice job. I mean no criticism, but just wanted to share a quick and dirty run I did with your product:

A peppy scan considering what it does. Did very well (better than MB and HMP) against persistent worms. Although some of the initial vectors are left in place, autostart functionality is prohibited and these can be deleted manually without issue.

But going forward, please check out the persistent mechanisms from things like Tofsee and Emotet botnets. Although initial detection is nice, eradication of persistence is better. Also, check out stuff like PowerLurk and/or WMI Ghost (Namespace root\subscription isn't always enough); and a dll dropping RAT like Glass could also stand a review.
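
The point about `root\subscription` not always being enough can be checked on a test machine with a read-only sweep of every WMI namespace for event filters, consumers and bindings. This is an added example, not part of the post and not Adlice's code; the function names `Get-WmiNamespace` and `Get-WmiSubscription` are hypothetical.

```powershell
# Added example: list WMI event subscriptions in ALL namespaces,
# not only root\subscription. Read-only; run from an elevated prompt.

function Get-WmiNamespace {
    param([string]$Root = 'root')
    # Emit this namespace, then recurse into each child __NAMESPACE instance.
    $Root
    Get-CimInstance -Namespace $Root -ClassName __NAMESPACE -ErrorAction SilentlyContinue |
        ForEach-Object { Get-WmiNamespace -Root "$Root\$($_.Name)" }
}

function Get-WmiSubscription {
    param([string]$Root = 'root')
    $classes = '__EventFilter', '__EventConsumer', '__FilterToConsumerBinding'
    foreach ($ns in Get-WmiNamespace -Root $Root) {
        foreach ($class in $classes) {
            # Namespaces that lack the class or deny access are skipped silently.
            Get-CimInstance -Namespace $ns -ClassName $class -ErrorAction SilentlyContinue |
                ForEach-Object {
                    $i = $_
                    if ($i.Filter) {
                        # Binding: show which filter triggers which consumer.
                        $detail = "$($i.Filter.Name) -> $($i.Consumer.Name)"
                    } else {
                        # Filter query, or whatever the consumer would execute.
                        $detail = @($i.Query, $i.CommandLineTemplate, $i.ExecutablePath,
                                    $i.ScriptFileName, $i.ScriptText) |
                            Where-Object { $_ } | Select-Object -First 1
                    }
                    [pscustomobject]@{
                        Namespace      = $ns
                        OutsideDefault = ($ns -ne 'root\subscription')
                        Class          = $i.CimSystemProperties.ClassName
                        Name           = $i.Name
                        Detail         = $detail
                    }
                }
        }
    }
}

Get-WmiSubscription |
    Sort-Object OutsideDefault, Namespace, Class |
    Format-Table -AutoSize -Wrap
```

Rows with `OutsideDefault` set to `True` are the ones a scan limited to `root\subscription` would never see; compare the output against a clean baseline of the same Windows build, since legitimate software also registers subscriptions.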
 

Tigzy

@cruelsister thanks for the advice :) If you have ready to read links please let me know, otherwise no problem I'll search :)
Is it missing persistence locations, that's what you say? Do you have pointers for me? (registry keys? WMI namespace?)
 

Tigzy

No problem, the aim is really to make it powerful enough to get rid of anything malicious. Good criticism is good :)
 

cruelsister

T- you'll notice that I included a Java Banker (spawns to skype.exe in Roaming). Your product will detect and eradicate it. But for giggles, run either (or both) Malwarebytes and HitManPro on a system infected with it- nary a peep. So right out of the box (with the initial Beta), Diag is superior in certain aspects to some established well regarded products (You should be Proud).

One other thing- You'll notice that the Emotet will spawn a sister- fondueprxy.exe. Although Diag will indeed detect it, as it will create a Service it will restart with Windows as the persistence routine will remain in place. It's a credential stealer and is Smart Card aware. It will collect and pulse out this info to a whole host of unsavory places (and people still say WF is enough. Sigh...).
 

ForgottenSeer 69673

Hi
Just trying to feel my way through Diag. Ran a scan a bit ago and I am not sure but it appears not all exe's are sent to Virus Total? Diag seemed to flag an indexing file. It appears to be a child or spawn, not how Diag is showing its trees yet.
See screen shot. Oh ya some desktop JPG's seemed flagged also but not included in screen shot. Also it appears the Dashboard and System tab basically show same thing.
ScreenHunter_114 Jun. 09 09.54.jpg
 
