PowerTool 4.2 (2011.12.24, English support)

savit

Level 1
Apr 9, 2011
120
14
IThurricane (Maker) Blog

Project Home

Download

PowerTool is a free anti-virus & anti-rootkit utility. It offers you the ability to detect,
analyze and fix various kernel structure modifications and gives you a broad view of the kernel. With its help, you can easily spot and remove malware hidden from normal software.

PowerTool currently supports the following 32-bit Windows versions:
Windows PE / Safe Mode / Windows XP / Windows Server 2003 / Vista / Windows Server 2008 / Windows 7 SP1 (32-bit)

* Requires the Microsoft Visual C++ 2008 Redistributable Package (x86): http://goo.gl/yoTz

Update Log

2011-12-24 PowerTool V4.2 (Twitter: http://twitter.com/ithurricane, Google+: ithurricane@gmail.com)
Added:
1. Detect VBR bootkits (such as Rootkit.Win32.Cidox)
2. Detect memory-forging attempts by a rootkit (such as TDL4 variants)

Modified:
1. Enhanced IDT hook detection
2. Analyze disk/registry files without loading the driver
3. Fixed some offline analysis bugs

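The VBR bootkit detection added in 4.2 has to start from the volume boot record itself. As an added example, not PowerTool's code and not from the original post: a Python check that parses the NTFS BIOS Parameter Block of a VBR, validates the fields a normal format always sets (55 AA signature, "NTFS    " OEM ID, power-of-two cluster size, $MFT location inside the volume) and cross-checks the BPB "hidden sectors" field against the partition start LBA from the MBR partition table, since on a healthy MBR disk the two must agree. Which fields Cidox alters is not stated on this page, so the checks are generic structural ones, not a Cidox signature. The MBR and VBR sectors are constructed in memory, with the boot-code area zero-filled.

```python
"""
Added example (not from the original post or from PowerTool): a minimal
NTFS volume boot record (VBR) sanity check of the kind a bootkit scanner
runs before trusting the boot chain. All sectors are constructed in memory.
"""
import struct

SECTOR = 512
# NTFS BPB layout, offsets 0x00..0x53: jmp, OEM ID, bytes/sector, sectors/cluster,
# reserved sectors, (pad), media, (pad), sectors/track, heads, hidden sectors,
# (pad), total sectors, $MFT cluster, $MFTMirr cluster, clusters per file record,
# (pad), clusters per index buffer, (pad), volume serial, checksum.
BPB_FMT = "<3s8sHBH3x2xB2xHHI4x4xQQQb3xb3xQI"


def parse_mbr_partitions(mbr: bytes) -> list:
    """Return [(status, type, start_lba, sector_count)] for the four
    primary partition-table slots at offset 0x1BE of an MBR sector."""
    if len(mbr) != SECTOR or mbr[510:] != b"\x55\xAA":
        raise ValueError("not an MBR sector (bad length or missing 55 AA)")
    return [struct.unpack_from("<B3xB3xII", mbr, 0x1BE + 16 * i) for i in range(4)]


def parse_ntfs_vbr(vbr: bytes) -> dict:
    """Decode the NTFS BPB fields relevant to integrity checking."""
    if len(vbr) != SECTOR:
        raise ValueError("VBR must be one 512-byte sector")
    (jmp, oem, bps, spc, reserved, media, _spt, _heads, hidden, total,
     mft, mftmirr, cpfrs, _cpib, serial, _checksum) = struct.unpack_from(BPB_FMT, vbr, 0)
    # Clusters-per-file-record is a cluster count if positive, 2**-n bytes if negative.
    record_size = (1 << -cpfrs) if cpfrs < 0 else cpfrs * spc * bps
    return {
        "jmp": jmp, "oem": oem, "bytes_per_sector": bps,
        "sectors_per_cluster": spc, "reserved_sectors": reserved, "media": media,
        "hidden_sectors": hidden, "total_sectors": total,
        "mft_cluster": mft, "mftmirr_cluster": mftmirr,
        "file_record_size": record_size, "volume_serial": serial,
        "signature": vbr[510:],
    }


def check_vbr(vbr: bytes, mbr: bytes, part_index: int = 0) -> list:
    """Return a list of findings; an empty list means the VBR passed every check."""
    f = parse_ntfs_vbr(vbr)
    _status, ptype, start_lba, count = parse_mbr_partitions(mbr)[part_index]
    findings = []
    if f["signature"] != b"\x55\xAA":
        findings.append("missing 55 AA boot signature")
    if f["jmp"][0] != 0xEB:
        findings.append("first byte is not a short JMP (expected EB 52 90)")
    if f["oem"] != b"NTFS    ":
        findings.append("OEM ID is not 'NTFS    '")
    if f["bytes_per_sector"] not in (512, 1024, 2048, 4096):
        findings.append(f"implausible bytes per sector {f['bytes_per_sector']}")
    spc = f["sectors_per_cluster"]
    if spc == 0 or spc & (spc - 1):
        findings.append(f"sectors per cluster {spc} is not a power of two")
    if f["reserved_sectors"] != 0 or f["media"] != 0xF8:
        findings.append("reserved sectors / media descriptor not as NTFS sets them")
    if ptype != 0x07:
        findings.append(f"partition type 0x{ptype:02X} is not NTFS (0x07)")
    # Cross-check: BPB hidden sectors must equal the partition's starting LBA.
    if f["hidden_sectors"] != start_lba:
        findings.append(f"BPB hidden sectors {f['hidden_sectors']} != partition start LBA {start_lba}")
    if f["total_sectors"] > count:
        findings.append(f"BPB total sectors {f['total_sectors']} exceeds partition size {count}")
    for name in ("mft_cluster", "mftmirr_cluster"):
        if f[name] * spc >= f["total_sectors"]:
            findings.append(f"{name} {f[name]} lies outside the volume")
    if f["mft_cluster"] == f["mftmirr_cluster"]:
        findings.append("$MFT and $MFTMirr start at the same cluster")
    return findings


# Constructed sample sectors: plausible BPB values, zero-filled boot code.
def build_vbr(hidden, total, mft=87381, mftmirr=2, oem=b"NTFS    ", spc=8) -> bytes:
    bpb = struct.pack(BPB_FMT, b"\xEB\x52\x90", oem, 512, spc, 0, 0xF8, 63, 255,
                      hidden, total, mft, mftmirr, -10, 1, 0x1122334455667788, 0)
    return bpb + b"\x00" * (510 - len(bpb)) + b"\x55\xAA"


def build_mbr(start_lba, count) -> bytes:
    """Constructed MBR with one active NTFS (type 0x07) partition in slot 0."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, start_lba, count)
    return b"\x00" * 0x1BE + entry + b"\x00" * 48 + b"\x55\xAA"


if __name__ == "__main__":
    mbr = build_mbr(2048, 2097152)                      # 1 GiB partition at LBA 2048
    print("clean:   ", check_vbr(build_vbr(2048, 2097151), mbr))
    print("tampered:", check_vbr(build_vbr(4096, 2097151), mbr))
```

A scanner like PowerTool reads these sectors through raw disk access and would additionally compare the boot code and the IPL sectors that follow the VBR against a known-good copy; a bootkit that leaves the BPB untouched and only replaces that code passes the structural checks above.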
 

savit

RE: PowerTool V3.7.2

PowerTool V3.7.2 (English support) released!
 

savit

RE: PowerTool V3.8

PowerTool V3.8 (English) released! (2011.06.23)
 

savit

RE: PowerTool V3.9 (En)

PowerTool 3.9 (English) update! (2011.07.17)
 

savit

RE: PowerTool (english) 4.02

PowerTool 4.02 (English) update! (2011.09.02)

Solve ZeroAccess / ADS influenza virus...
 

McLovin

Level 76
Verified
Trusted
Malware Hunter
Apr 17, 2011
9,222
6,657
RE: PowerTool (english) 4.02

Thanks for keeping us up to date, savit ;)
 

Deleted member 178

RE: PowerTool (english) 4.02

Will keep it in my toolbox.
 

savit

RE: PowerTool 4.1 (2011.10.01, english support)

PowerTool 4.1 update! (2011.10.01, English support)
 

Prorootect

Level 53
Verified
Nov 5, 2011
5,847
5,841
THANK YOU, Savit!

This tool seems to be OK. Even I am delighted! ;) Very cool tool.

Very quick download, portable version 4.2_en! Executable file PowerTool.exe: 971 KB.

PowerTool.exe in Process Hacker: Working Set 16.22 MB, Handles 250, Threads 7.

FAST & easy. More elaborate in some properties than XueTr, but similar. For professionals (to use) and the curious (to look at) .. :cool:

In the System tab, I have: 'Detection of Image hijack, Result: Tab page in the appropriate recognition.'
- Does this mean that they recognized me, Savit? .. :huh:

My MBR seems to be OK.
My VBR seems to be OK.

So this extra tool seems to be OK!

Many thanks to the developer!

:cool: .. and I found a very cool blog here:
Security Info & Needless Software Info and Remove: http://4savit.blogspot.com/
- useful software only, thank you. I've put it in my Favorites folder ..

savit

Prorootect said:
In the System tab, I have: 'Detection of Image hijack, Result: Tab page in the appropriate recognition.'
- Does this mean that they recognized me, Savit? .. :huh:

Autoruns [screenshot]

PowerTool [screenshot]

Image hijacks?? [screenshot]
 

Prorootect

Aaa .. I see! This is w32 grabbing me with its Process Hacker. Then w32, welcome, welcome with your Process Hacker, the best version 2.23 - because the System Information window has all the graphics and all the data, like the good old days - Always on Top :)

Thanks savit for the screens.
 

Prorootect

Yes, it's better than XueTr (sorry linxer) - more possibilities, accurate in its comments ..

Very COOL PowerTool ..
 

Prorootect

Improvements I would like to see in the PowerTool software (if possible):

--> in the System tab: the possibility (by right click) to mark as safe the detections that I know are safe (e.g. show this line in blue, not in red). I see an unsafe (red) detection of Image Hijack because in my Process Hacker I ticked 'Replace Task Manager with Process Hacker' in its Options .. ;) It's a FP to correct ..

--> in the Kernel tab: I would have Notify Routine first (after clicking on the Kernel tab), then Direct IO would be good ..

--> in the Offline tab / Startup/Link: I have 3 lines in blue, but at the bottom of the window I see this inscription: Total: 4.

--> in the Startup tab: no Startup count? ..

NO other problems. Your software runs smoothly and fast on my Windows ..
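The "Image Hijack" rows discussed above are Image File Execution Options (IFEO) entries: when a Debugger value is set under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\<image>.exe, Windows starts that debugger instead of the image and hands it the original command line, which is exactly how Process Hacker's "Replace Task Manager" option works and why PowerTool shows it in red. As an added example, not PowerTool's code and not from any poster in this thread: a Python script that parses a registry export (.reg) offline, lists every IFEO subkey carrying a Debugger value and marks the ones whose debugger executable is on a caller-supplied allowlist, the "mark as safe" behaviour requested above. The .reg text is constructed: the taskmgr.exe entry mirrors the Process Hacker case, the sethc.exe entry is a sample of what a malicious redirection of an accessibility binary looks like, and the notepad.exe key has no Debugger and must not be reported.

```python
"""
Added example (not from PowerTool or from the original thread): detect
IFEO "Debugger" image hijacks in an offline .reg export, with an allowlist
for debuggers the analyst has marked as safe.
"""
import re

IFEO_KEY = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\Windows NT\\"
    r"CurrentVersion\\Image File Execution Options\\([^\\]+)$",
    re.IGNORECASE,
)

# Constructed sample export (not taken from a real machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe]
"Debugger"="\"C:\\Program Files\\Process Hacker 2\\ProcessHacker.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe]
"Debugger"="C:\\Windows\\System32\\cmd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000200
'''


def unescape_reg_string(s: str) -> str:
    """.reg strings escape backslash and double quote with a backslash."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append(s[i + 1])
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_reg_export(text: str) -> dict:
    """Return {key_path: {value_name: value}} for string and dword values.
    Only the subset of .reg syntax needed here is handled; hex(...) data is
    kept raw and value names containing '=' are not supported."""
    # Join hex continuation lines (a trailing backslash continues the value).
    joined, buf = [], ""
    for line in text.splitlines():
        if line.rstrip().endswith("\\"):
            buf += line.rstrip()[:-1].strip()
            continue
        joined.append(buf + line.strip())
        buf = ""
    keys, current = {}, None
    for line in joined:
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor") or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            if current.startswith("-"):        # key deletion directive
                current = None
                continue
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        name, _, raw = line.partition("=")
        name = "(Default)" if name == "@" else unescape_reg_string(name.strip('"'))
        if raw.startswith('"') and raw.endswith('"'):
            keys[current][name] = unescape_reg_string(raw[1:-1])
        elif raw.startswith("dword:"):
            keys[current][name] = int(raw[6:], 16)
        else:
            keys[current][name] = raw
    return keys


def find_image_hijacks(keys: dict, benign_debuggers=()) -> list:
    """List IFEO subkeys with a Debugger value, sorted by hijacked image name.
    A debugger whose executable name is on the allowlist is marked known-benign."""
    allow = {b.lower() for b in benign_debuggers}
    hits = []
    for path, values in keys.items():
        m = IFEO_KEY.match(path)
        dbg = values.get("Debugger") if m else None
        if not dbg:
            continue
        # The value may be a quoted path with arguments or a bare path.
        exe = dbg[1:].split('"', 1)[0] if dbg.startswith('"') else dbg.split(" ", 1)[0]
        base = exe.rsplit("\\", 1)[-1].lower()
        hits.append({"image": m.group(1).lower(), "debugger": dbg,
                     "verdict": "known-benign" if base in allow else "suspicious"})
    return sorted(hits, key=lambda h: h["image"])


def hijack_report(reg_text: str, benign_debuggers=()) -> list:
    return find_image_hijacks(parse_reg_export(reg_text), benign_debuggers)


if __name__ == "__main__":
    for hit in hijack_report(SAMPLE_REG, benign_debuggers=("ProcessHacker.exe",)):
        print(f"{hit['verdict']:13} {hit['image']:14} -> {hit['debugger']}")
```

On a live system the input comes from `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg` (plus the Wow6432Node key on 64-bit Windows); `reg export` writes UTF-16LE by default, so open the file with `encoding="utf-16"`. The allowlist only matches the debugger's file name, so a malicious binary renamed ProcessHacker.exe would still pass; anything more than a first-pass triage should also check the path and the file's signature.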

Prorootect

* Here you have the PowerTool screenshot: http://s48.radikal.ru/i122/1107/da/d5ef7a851927.jpg

This line in red, $BadClus:$Bad ADS stream on your hard drive C:\, is OK.. I have a similar one. And I'm clean, I think.

A little reading:

$BadClus explanation by Wikipedia: in NTFS: http://en.wikipedia.org/wiki/NTFS
- 'A file which contains all the clusters marked as having bad sectors. This file simplifies cluster management by the chkdsk utility, both as a place to put newly discovered bad sectors, and for identifying unreferenced clusters. This file contains two data streams, even on volumes with no bad sectors: an unnamed stream contains bad sectors—it is zero length for perfect volumes; the second stream is named $Bad and contains all clusters on the volume not in the first stream.'

Look at Master Boot Record (MBR) and Master File Table (MFT) in More Than Just A Glossary: Information Technology Explained, by software-discounts.co.uk: http://www.software-discounts.co.uk/glossary_m.html - so $BadClus contains the bad clusters of the volume.

Also: Analysis of hidden data in the NTFS file system: by Cheong Kai We, on forensicfocus.com: http://www.forensicfocus.com/hidden-data-analysis-ntfs

* Analysis TDL4 aka Alureon.DX with PowerTool: by Onthar: http://translate.google.com/translate?hl=en&prev=/search%3Fq%3Dhttp://onthar.in/articles/analiz-tdl4-aka-alureon-dx/%2523%26hl%3Den%26biw%3D1194%26bih%3D860%26site%3Dwebhp%26prmd%3Dimvns&rurl=translate.google.bs&sl=ru&u=http://onthar.in/articles/analiz-tdl4-aka-alureon-dx/