FMA Intel-Secure: (CCSU PR-Guard) Edition 2015

Status
Not open for further replies.

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
I found a couple of malware in some LOGS but this is kind of slow.


With other programs (like FRST) you can find stuff much faster.

That is true for an untrained eye; also there are some tools that can automate the search (I just do not know off the top of my head which one). But yeah, forensic work takes time, especially if you have to dig through loads of logs, yet the information provided exceeds anything on the market; I know that much, as this has been checked and validated.
Anyway, nice work, keep it going.
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Simply put, the Swiss Army knife idea has my vote, speaking as a home user and side tech that is always in search of powerful, all-in-one tools "preferably portable".

Thanks for your reply.
Yes, the army knife thing is something I will take into consideration, as this has my vote too. But I want to see what the other guys say.
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
They have been having bundle ware issues.

Well, I just got accepted on Download.com (CNET), which is by far the largest site to publish your software.
And while they have a very respectable name, even they bundle your software and give the developer money per download IF and only IF you choose so. (I did not.)
Filehippo has software on it that is not bundled, so it's not their fault... it's the choice by the publisher to participate in their ad system.

Cheers
 

frogboy

In memoriam 1961-2018
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
Well, I just got accepted on Download.com (CNET), which is by far the largest site to publish your software.
And while they have a very respectable name, even they bundle your software and give the developer money per download IF and only IF you choose so. (I did not.)
Filehippo has software on it that is not bundled, so it's not their fault... it's the choice by the publisher to participate in their ad system.

Cheers
That will do me. Thanks.
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
That is true for an untrained eye; also there are some tools that can automate the search (I just do not know off the top of my head which one). But yeah, forensic work takes time, especially if you have to dig through loads of logs, yet the information provided exceeds anything on the market; I know that much, as this has been checked and validated.
Anyway, nice work, keep it going.

How about making or adding some quick analysis tool for these logs?
Or some tool to compare clean and infected logs and give the difference between these logs?

This would help less experienced users and the program would be more user friendly.
 

hacheafleur

Level 1
Apr 14, 2015
13
Hi Nico@FMA,

I do not doubt the effectiveness of the software and I'm really surprised by its very detailed reports.

Do not blame the app engine please, for the 04 steps he made them in 3 hours and 10 minutes. He started at 2:23 Wmi-software to end up all-crypted at 5:33.

no mistake of the event viewer

My config is: Windows 7 Pro x64, Intel Pentium CPU 3GHZ, 3GB

Otherwise, I just wanted to know what it takes for a license?
Thanks for your report about PPA. (Point to Point Analysis)
No, it's not normal for PPA to run for 7 hours. However, on a very poorly maintained computer with loads and loads of residue of old files and registry keys it can take up to an hour or even 2 hours. The situation becomes much worse if your config has serious issues.
PPA is designed to literally cross reference each file, key, process, driver and every single config setting you have.
So if this is a mess then yes, PPA can take up to, let's say, max 3 hours on a 4GB 2GHZ Windows box.

But 7 hours? Naah, then it crashed for whatever reason or keeps looping due to the Windows core not being able to process the data correctly.
If I may ask, could you tell me what PC you have and the config? Because PPA is known to have a problem with Home versions of Windows 7.
I just want to eliminate some things before blaming the PPA engine, as so far you are the first to report this.
Also, did you run the scans 1 by 1, starting from step 1 to step 4, and did you allow them to properly finish? (They will close by themselves after finishing.) Also, do not open the logs during scans; this can crash individual modules.
You might also check the Windows Event Viewer and see the error code for why PPA stopped working.

In regards to the 34,1MB folder called logs which has 64 files: yes, that's normal, as CCSU spits out a serious amount of data.

So please provide some more info.

Kind Regards
Nico
 

Xtwillight

Level 6
Verified
Well-known
Jul 1, 2014
298
Hello Nico and excuse me,
Currently have little time
I have a training
bye schooling with members unite against malware of the German trojanerboard.de

If I have more time again, I will make again more
for FMA.

Even our old forum Board has been deleted
by the operator.

As are now new Online
under http://pc-service-hilfe.de

Kind regards, Dark
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Hi Nico@FMA,

I do not doubt the effectiveness of the software and I'm really surprised by its very detailed reports.

Do not blame the app engine please, for the 04 steps he made them in 3 hours and 10 minutes. He started at 2:23 Wmi-software to end up all-crypted at 5:33.

no mistake of the event viewer

My config is: Windows 7 Pro x64, Intel Pentium CPU 3GHZ, 3GB

Otherwise, I just wanted to know what it takes for a license?

Alright, let's do this: put all the log files into a rar archive (give it a password), upload the rar archive to a free host, give me the link and send me the pass by PM, and I will have a look myself and see what's wrong. Or upload the logs to our own servers: http://fma-is.com/research/

We have 19 computers here and 5 research servers. I did put CCSU on all night to see if I can reproduce the scanning times.
On one computer we managed to have it scan for a little over 3 hours (3 hours and 7 minutes), but I am at a loss here; I cannot determine what makes the scan take so long.
So if you send me the logs then I will check them and see what the logs tell me.
And do not worry about your private data, I will not share this; keep in mind I do this for a living.
However, if something proves to be wrong then I'll contact @TwinHeadedEagle or @argus for you and they can help you further.
Again, I do not doubt your claims, I am just poised to find out why, as really 7 hours is WAY too much.

Can you do that for me?
Kind regards nico
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
How about making or adding some quick analysis tool for these logs?
Or some tool to compare clean and infected logs and give the difference between these logs?

This would help less experienced users and the program would be more user friendly.

Yes, that's a good idea, but that's NOT easily done as the logs all have a different structure.
We have been trying to do this for more than 5 months now, and trust me, it's not as easy as it would seem.
So usually we use a third-party....program, yet the program we used to use has gone bankrupt...
So we are back at square one...
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
@hacheafleur

First of all, thanks for the logs. I have taken a good look and so far everything seems reasonably clean.
I did find some spyware & adware traces (but nothing special) and a bunch of traces of old software and bad removal.
Other than that your PC is fine.
However, I did see you are running:
ESET-IS, MBAM, Windows Defender. While OK, ESET and MBAM both like to scan every single thing my program does, which is OK.
But it also does dramatically increase the time my program needs to scan everything.
And as such some scans were blocked by ESET and my program kept trying. Just for the record, our program does work fine next to AV programs and Internet Security solutions, but usually it's better to white-list it so that functions within my program do not get scanned continuously; some functions run a command PER exe file or PER dll. Which means that a process which should take less than 2 seconds might take much more, as the process gets scanned every time.
That said, the logs are far from complete and this is also the reason why it took so long. Some functions were blocked or denied.

I hope this helps, your logs are being deleted from our system.

If you require more information contact me anytime.

Kind Regards
Nico
 

Vipersd

Level 6
Verified
Dec 14, 2014
285
Avast gives FP.
 


Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Avast gives FP.

It has already been submitted to Avast like 10 times now? Not to mention that there are several users here that also did submit it to their AV brand.
But thanks for reporting.
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
How about making or adding some quick analysis tool for these logs?
Or some tool to compare clean and infected logs and give the difference between these logs?

This would help less experienced users and the program would be more user friendly.

Hi m8 how is that review coming?
 

Av Gurus

Level 29
Verified
Honorary Member
Top Poster
Malware Hunter
Well-known
Sep 22, 2014
1,767
I still get acquainted with the program, but I do not have much time.
I think I'll record a short video that would show how the program looks like, what options there are, and so on.
When I record it, I'll first give it to you to have a look and tell me if it is OK or not.
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
I still get acquainted with the program, but I do not have much time.
I think I'll record a short video that would show how the program looks like, what options there are, and so on.
When I record it, I'll first give it to you to have a look and tell me if it is OK or not.

That's OK m8, actually that's very good.
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
@Umbra Polaris @Huracan @Jack @exterminator20 @BoraMurdar @Littlebits @Viking @Av Gurus @Cats-4_Owners-2 @illumination @Xtwillight @Fedora @viktik @Malware1 @Terry Ganzi @kram7750 @Kardo Kristal @Dani Santos @MikeV and all others who replied.
Alright, I have made up my mind: I will make a Swiss Army Knife edition based upon CCSU.
This will mean it will have extended features, yet it's not going to be a Glarytool V2, obviously.
It will focus on security analysis, system diagnostics and repair tools based upon the previous 2 abilities.

So what features would you guys like to see (realistic)? And do not mention HIPS, behavioral blocker and such crap, as this is by no means part of such an edition and neither does it fit in the scope of the program. So please tell me what features you would like to see in it.
And more important, what must these features be able to do? Also, hyper advanced features are nice, but simplicity and usefulness is the key here and future options will be based upon this principle.

Also tell me how it should be called: CCSU ............... fill in the dots. (Or a VERY original name)
I encourage ANYONE reading this to come up with feedback, suggestions and ideas.
Also, when I am going to make this version (which I will), this also means that you guys will test it and help me troubleshoot things if needed.


Kind Regards,
Nico
 