PowerTool 4.2 (2011.12.24 , english support)

[savit]

IThurricane (Maker) Blog

Project Home

Downlaod

PowerTool is a free anti-virus&rootkit utility.It offers you the ability to detect,
analyze and fix various kernel structure modifications and gives you a wide scope of the kernel. With its help,you can easily spot and remove malwares hidden from normal software.

PowerTool currently supports the following Windows 32-bit versions:
for Windows PE/Safe Mode/Windows XP/Windows 2003 Server/Vista/Windows 2008 Server/Windows7 SP1 (32bit)

* Microsoft Visual C++ 2008 Redistributable Package (x86) need - http://goo.gl/yoTz

Update Log

2011-12-24 PowerTool V4.2(twitter : http://twitter.com/ithurricane && google+ : ithurricane@gmail.com)
Add:
1. Detect VBR Bootkit(such as Rootkit.Win32.Cidox)
2. Detecting/Memory Forging Attempt by a Rootkit(such as TDL4 variants)

Modify:
1. Enhance Detect IDT Hook
2. Analyze Disk/Register File without load Driver
3. Fix some Offline Analyze BUG.

 

[jamescv7]

RE: PowerTool V3.5.2

Virustotal Result 1/38

Rising listed as Suspicious but the overall of application itself is safe.

 

[bogdan]

RE: PowerTool V3.5.2

No English version for 3.5.2 yet.

 

[moonshine]

RE: PowerTool V3.5.2

This might be useful in the future,

 

[savit]

RE: PowerTool V3.7.2

PowerTool V3.7.2 (support english) released!

 

[savit]

RE: PowerTool V3.8

PowerTool V3.8 (english) released! (2011.06.23)

 

[savit]

RE: PowerTool V3.9 (En)

PowerTool 3.9 (english) Update! (2011.07.17)

 

[savit]

RE: PowerTool (english) 4.02

PowerTool 4.02 (english) Update! (2011.09.02)

Solve ZeroAccess / ADS influenza virus...

 

[McLovin]

RE: PowerTool (english) 4.02

Thanks for keeping us up to date savit

 

[Deleted member 178]

RE: PowerTool (english) 4.02

will keep it on my toolbox.

 

[savit]

RE: PowerTool 4.1 (2011.10.01, english support)

PowerTool 4.1 Update! (2011.10.01, english support)

 

[savit]

PowerTool 4.2 Updated! (2011.12.24 , english support)

 

[Prorootect]

.
THANK YOU, Savit!

This tool seems to be OK. Even I am delighted! Very cool tool.

Very quickly download, portable version 4.2_en! File executable PowerTool.exe : 971 KB.

PowerTool.exe in Process Hacker: Working Set 16.22 MB, Handles 250, Threads 7.

FAST & easy. More elaborate in some properties that XueTr, but similar. For professionals (in use) and curious (to see) ..

In System tab, I have: 'Detection of Image hijack, Result: Tab page in the appropriate recognition.'
- Does this means that they recognized me, Savit? ..:huh:

My MBR seems to be OK.
My VBR seems to be OK.

So this extra tool seems to be OK.!

Many thanks to developer!

.. and I find very cool blog here:
Security Info & Needless Software Info and Remove: http://4savit.blogspot.com/
- useful software only, thank you. I've put it in my Favorites folder ..
.

 

[savit]

In System tab, I have: 'Detection of Image hijack, Result: Tab page in the appropriate recognition.'
- Does this means that they recognized me, Savit? ..:huh:

Autoruns

Powertool

image hijacks ??

 

[Prorootect]

Aaa .. I see! This is w32 grabs me with its Process Hacker. Then w32 Welcome, welcome with your Process Hacker the best version 2.23. - Because System Information window is with all the graphics and all the data, the good old days - Always on Top

Thanks savit for the screens.

 

[Prorootect]

Yes, it's better than XueTr (sorry linxer) - more possibilities, accurate in comments ..

Very COOL PowerTool ..

 

[Prorootect]

ithurricane (from Tokio!), PowerTool developer, use Tweeter: http://twitter.com/ithurricane

 

[Prorootect]

Improvements, I would like to see in the PowerTool software (if possible):

--> in System tab: the possibility (by right click) to make safe the detections that I know safe (eg. put this line in blue, not in red). I see unsafe (in red) detection of Image Hijack, because on my Process Hacker - I notched 'Replace Task Manager with Process Hacker' in its Options .. It's a FP, to correct ..

--> in Kernel tab: I would have Notify Routine first (after click on Kernel tab), then Direct IO would be good ..

--> in Offline tab / Startup/Link: I have 3 lines in blue, but at the bottom of the window I see this inscription: Total: 4.

--> in Startup tab: No Startup count?..

NO other problems. Your software run smoothly and fast on my Windows ..
.

 

[Prorootect]

* Here you have the PowerTool screenshot: http://s48.radikal.ru/i122/1107/da/d5ef7a851927.jpg

This line in red $BadClus:$Bad ADS Stream, on your hard drive:\C - is OK.. I have similar. And I'm clean, I think.

Little reads :

$BadClus explanation by Wikipedia: in NTFS: http://en.wikipedia.org/wiki/NTFS
- 'A file which contains all the clusters marked as having bad sectors. This file simplifies cluster management by the chkdsk utility, both as a place to put newly discovered bad sectors, and for identifying unreferenced clusters. This file contains two data streams, even on volumes with no bad sectors: an unnamed stream contains bad sectors—it is zero length for perfect volumes; the second stream is named $Bad and contains all clusters on the volume not in the first stream.'

Look in Master Boot Record (MBR) and Master File Table (MFT) - More Than Just A Glossary: Information Technology Explained - by software-discounts.co.uk: http://www.software-discounts.co.uk/glossary_m.html - so $BadClus contains bad clusters for the volume.

Also: Analysis of hidden data in the NTFS file system: by Cheong Kai We, on forensicfocus.com: http://www.forensicfocus.com/hidden-data-analysis-ntfs

* Analysis TDL4 aka Alureon.DX with PowerTool: by Onthar: http://translate.google.com/translate?hl=en&prev=/search%3Fq%3Dhttp://onthar.in/articles/analiz-tdl4-aka-alureon-dx/%2523%26hl%3Den%26biw%3D1194%26bih%3D860%26site%3Dwebhp%26prmd%3Dimvns&rurl=translate.google.bs&sl=ru&u=http://onthar.in/articles/analiz-tdl4-aka-alureon-dx/
.