PowerTool 4.2 (2011.12.24 , english support)

savit

Level 1
Thread author
Apr 9, 2011
120
IThurricane (Maker) Blog

Project Home

Downlaod

PowerTool is a free anti-virus&rootkit utility.It offers you the ability to detect,
analyze and fix various kernel structure modifications and gives you a wide scope of the kernel. With its help,you can easily spot and remove malwares hidden from normal software.

PowerTool currently supports the following Windows 32-bit versions:
for Windows PE/Safe Mode/Windows XP/Windows 2003 Server/Vista/Windows 2008 Server/Windows7 SP1 (32bit)

* Microsoft Visual C++ 2008 Redistributable Package (x86) need - http://goo.gl/yoTz

Update Log

2011-12-24 PowerTool V4.2(twitter : http://twitter.com/ithurricane && google+ : ithurricane@gmail.com)
Add:
1. Detect VBR Bootkit(such as Rootkit.Win32.Cidox)
2. Detecting/Memory Forging Attempt by a Rootkit(such as TDL4 variants)

Modify:
1. Enhance Detect IDT Hook
2. Analyze Disk/Register File without load Driver
3. Fix some Offline Analyze BUG.

43698f1349540923cd5ad6329258d109b2de49a7.jpg


4cfe8bfc1e178a82c820caecf603738da877e8b3.jpg


5e3732c6a7efce1b612a7d86af51f3deb58f6556.jpg


image1.jpg
 

savit

Level 1
Thread author
Apr 9, 2011
120
RE: PowerTool V3.9 (En)

PowerTool 3.9 (english) Update! (2011.07.17)
 

savit

Level 1
Thread author
Apr 9, 2011
120
RE: PowerTool (english) 4.02

PowerTool 4.02 (english) Update! (2011.09.02)

Solve ZeroAccess / ADS influenza virus...
 

McLovin

Level 76
Verified
Honorary Member
Malware Hunter
Apr 17, 2011
9,222
RE: PowerTool (english) 4.02

Thanks for keeping us up to date savit ;)
 
D

Deleted member 178

RE: PowerTool (english) 4.02

will keep it on my toolbox.
 

savit

Level 1
Thread author
Apr 9, 2011
120
RE: PowerTool 4.1 (2011.10.01, english support)

PowerTool 4.1 Update! (2011.10.01, english support)
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
.
THANK YOU, Savit!

This tool seems to be OK. Even I am delighted!;) Very cool tool.

Very quickly download, portable version 4.2_en! File executable PowerTool.exe : 971 KB.

PowerTool.exe in Process Hacker: Working Set 16.22 MB, Handles 250, Threads 7.

FAST & easy. More elaborate in some properties that XueTr, but similar. For professionals (in use) and curious (to see) ..:cool:

In System tab, I have: 'Detection of Image hijack, Result: Tab page in the appropriate recognition.'
- Does this means that they recognized me, Savit? ..:huh:

My MBR seems to be OK.
My VBR seems to be OK.

So this extra tool seems to be OK.!

Many thanks to developer!

:cool:.. and I find very cool blog here:
Security Info & Needless Software Info and Remove: http://4savit.blogspot.com/
- useful software only, thank you. I've put it in my Favorites folder ..
.
 
Last edited:

savit

Level 1
Thread author
Apr 9, 2011
120
Prorootect said:
In System tab, I have: 'Detection of Image hijack, Result: Tab page in the appropriate recognition.'
- Does this means that they recognized me, Savit? ..:huh:

Autoruns
image1wij.jpg


Powertool
image2wy.jpg


image hijacks ??
image3on.jpg
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
Aaa .. I see! This is w32 grabs me with its Process Hacker. Then w32 Welcome, welcome with your Process Hacker the best version 2.23. - Because System Information window is with all the graphics and all the data, the good old days - Always on Top:)

Thanks savit for the screens.
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
Yes, it's better than XueTr (sorry linxer) - more possibilities, accurate in comments ..

Very COOL PowerTool ..
 

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
Improvements, I would like to see in the PowerTool software (if possible):

--> in System tab: the possibility (by right click) to make safe the detections that I know safe (eg. put this line in blue, not in red). I see unsafe (in red) detection of Image Hijack, because on my Process Hacker - I notched 'Replace Task Manager with Process Hacker' in its Options ..;) It's a FP, to correct ..

--> in Kernel tab: I would have Notify Routine first (after click on Kernel tab), then Direct IO would be good ..

--> in Offline tab / Startup/Link: I have 3 lines in blue, but at the bottom of the window I see this inscription: Total: 4.

--> in Startup tab: No Startup count?..

NO other problems. Your software run smoothly and fast on my Windows ..
.
 
Last edited:

Prorootect

Level 69
Verified
Nov 5, 2011
5,855
* Here you have the PowerTool screenshot: http://s48.radikal.ru/i122/1107/da/d5ef7a851927.jpg

This line in red $BadClus:$Bad ADS Stream, on your hard drive:\C - is OK.. I have similar. And I'm clean, I think.

Little reads :

$BadClus explanation by Wikipedia: in NTFS: http://en.wikipedia.org/wiki/NTFS
- 'A file which contains all the clusters marked as having bad sectors. This file simplifies cluster management by the chkdsk utility, both as a place to put newly discovered bad sectors, and for identifying unreferenced clusters. This file contains two data streams, even on volumes with no bad sectors: an unnamed stream contains bad sectors—it is zero length for perfect volumes; the second stream is named $Bad and contains all clusters on the volume not in the first stream.'

Look in Master Boot Record (MBR) and Master File Table (MFT) - More Than Just A Glossary: Information Technology Explained - by software-discounts.co.uk: http://www.software-discounts.co.uk/glossary_m.html - so $BadClus contains bad clusters for the volume.

Also: Analysis of hidden data in the NTFS file system: by Cheong Kai We, on forensicfocus.com: http://www.forensicfocus.com/hidden-data-analysis-ntfs

* Analysis TDL4 aka Alureon.DX with PowerTool: by Onthar: http://translate.google.com/translate?hl=en&prev=/search%3Fq%3Dhttp://onthar.in/articles/analiz-tdl4-aka-alureon-dx/%2523%26hl%3Den%26biw%3D1194%26bih%3D860%26site%3Dwebhp%26prmd%3Dimvns&rurl=translate.google.bs&sl=ru&u=http://onthar.in/articles/analiz-tdl4-aka-alureon-dx/
.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top