Hawk Eye Analysis Tool (Formerly Orion Malware Cleaner)- by Trident [Deleted]

Status
Not open for further replies.
Because it is a downloaded script, PowerShell may throw an error. You need to right click on the script, then view the properties and unblock the script. This is the recommended way; I don’t advise users to loosen their script execution policies.
Okay...I'll try to get er done
just found Open in Terminal
Or to save yourself a lot of time just use notepad and Select All then Paste into Powershell. It will run just fine here like that.
It will but with the rapid expansion of functions this monolithic structure will soon change and components like orConfig.json, orRemediate.ps1, orUI.html, orManual.html will appear... copy/pasting then won't work.
 
Restores Health?!!! How the hell do I install it into my brain?!!!

This morning I sneezed and I threw my back out.
Not sure about your brain, but I am obviously way ahead of this version in development, and future versions include a CPR Box (Clean, Protect, Revive). This box contains quite a lot of tools to optimize and fix systems without installing heavy tuneups.
 
You should patreon it for like $1/month
 
Version 1.17 is now quality tested and ready.

The network monitor is now out (requires PowerShell 7.5.3).

The network monitor starts at the beginning of the scan with 3 threads: one is the collector, the second one is the resolver, and the third one performs the whois lookup. When the scan is finished, the network sampling ends too.

For these informational detections to be previewed, this must be ticked.

Saw that. Nice touch.
 
The previous and INCORRECT flagging of Irfanview images abated. However, "some" few .TXT detections persist. Example:

Orion:SuspFile!MismatchExt | C:\Users\Technician\Downloads\ContextMenuManager\Readme.txt | Mismatched Extension: Declared .txt, Actual .exe/.dll | Detected
Yeah, that heuristic is going away very soon. On the other hand, the script and executable hunting heuristics are very aggressive.
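The detection quoted above is a magic-byte mismatch heuristic. As an added example (not Orion/Hawk Eye code, and not necessarily how that heuristic works internally), the check below only calls a file a disguised executable when it has both the "MZ" DOS stub and a valid "PE\0\0" signature at the e_lfanew offset, so a text file that merely begins with the letters MZ is not flagged. The demo inputs are constructed in a temp folder and assume Windows with notepad.exe present.

```powershell
# Added example: stricter "declared extension vs. actual content" check.
# Requires BOTH the "MZ" stub and "PE\0\0" at e_lfanew (offset 0x3C)
# before reporting a mismatch, instead of trusting the first two bytes alone.
function Test-DisguisedPE {
    param([Parameter(Mandatory)][string]$Path)

    $ext = [System.IO.Path]::GetExtension($Path).ToLowerInvariant()
    $peExtensions = @('.exe', '.dll', '.sys', '.scr', '.ocx')

    # Read only the first 4 KiB; e_lfanew of a real PE normally lies well inside it.
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $buf  = New-Object byte[] 4096
        $read = $fs.Read($buf, 0, $buf.Length)
    } finally { $fs.Dispose() }

    $isPE = $false
    if ($read -ge 0x40 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A) {   # "MZ"
        $peOffset = [BitConverter]::ToInt32($buf, 0x3C)                # e_lfanew
        if ($peOffset -ge 0x40 -and ($peOffset + 4) -le $read) {
            $sig  = $buf[$peOffset..($peOffset + 3)]                      # "PE\0\0"
            $isPE = ($sig[0] -eq 0x50) -and ($sig[1] -eq 0x45) -and ($sig[2] -eq 0) -and ($sig[3] -eq 0)
        }
    }

    [pscustomobject]@{
        Path     = $Path
        Declared = $ext
        ActualPE = $isPE
        Mismatch = ($isPE -and ($peExtensions -notcontains $ext))
    }
}

# Constructed demo inputs (not real detections from the thread).
$tmp = Join-Path ([System.IO.Path]::GetTempPath()) 'hawkeye-demo'
New-Item -ItemType Directory -Path $tmp -Force | Out-Null

# 1) A plain text file that happens to start with "MZ": a two-byte check would flag it.
[System.IO.File]::WriteAllText((Join-Path $tmp 'Readme.txt'), "MZ stands for Mark Zbikowski.`r`n")

# 2) A genuine PE renamed to .txt (copied from notepad.exe) that should be flagged.
Copy-Item "$env:SystemRoot\System32\notepad.exe" (Join-Path $tmp 'disguised.txt') -Force

Get-ChildItem $tmp -File | ForEach-Object { Test-DisguisedPE $_.FullName } | Format-Table -AutoSize
```

Readme.txt comes back with Mismatch False and disguised.txt with Mismatch True; the Declared/ActualPE columns show why.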
 
You've done a great job with it @Trident
The next version, 1.18, is the one where the script structure is refactored. It started as a single file, but when I realised most of my ideas, this single file became hard to maintain at over 2500 long lines of code.

Apart from the refactor, it introduces the CPR box (Clean, Protect, Revive) and slightly improved report visuals. The 0 file bug proved more stubborn, but I’ve taken care of it another way.
 
AWESOME WORK! The UI animation adds such a clear WOW factor.

Now that the UI is more pristine than what it was, I am exploring the potential of integrating VT (with user-pasted key) and/or cloud-based engine (proprietary) that will enhance botnet detection, and potentially introduce YARA rules scanning. Potentially also verify digital signatures on the cloud (that one is likely to be first). This will add dynamic intelligence to the static heuristics but we'll see how it will play out.
 