15 February 2008

ProcessScanner 1.1

0 comments
With ProcessScanner Uniblue takes the perspiration and guesswork out of researching the processes running on your PC. ProcessScanner not only generates a detailed list of the items already running on your PC, it then goes on to give you valuable information as to the programs these are associated with. Furthermore ProcessScanner will then supply you with valuable information about what each does and the level of risk, or threat, to your computer associated with that process. ProcessScanner is an invaluable tool to help remove the fog that obscures the inner workings of your computer and, what's more, it's free!

Homepage and Download: http://www.processlibrary.com/processscan/

RemoveIT Pro XT - SE 12.2.2008

0 comments
Locate and remove many new dangerous files, including viruses, worms, trojan horses, adware and spyware, that other popular AV programs cannot find. RemoveIT Pro version XT - SE adds a detailed report log, including services and full startup files. A service manager has been added, as well as a runtime and process manager. Some bugs fixed.

What is New?
Version v4.
(7.1.2008)
- Detection bugs fixed.
- Core engine updated.

(27.6.2007)
- Few bugs fixed.
- Core engine updated.
- Removal instructions updated.

(21.2.2007)
- Definition engine updated.
- Upgrade Advisor added.
- Partial update included.
- Smart Virus Definition included.
- Windows Vista support included.

RemoveIT Pro v4 - SE is only simple antivirus protection that only scans for viruses from its database.
- For complete, powerful protection check out our RemoveIT Pro v4 Enterprise.
- RemoveIT Pro v4 utilizes High Level Protection technology (HLP) and virus removal filters which filter all new executable files.

RemoveIT Pro v4 - SE (Free for non commercial use).

Download: http://www.incodesolutions.com/downloads/removeit_pro.exe

Homepage: http://www.incodesolutions.com/

System Information Viewer SIV 3.29

0 comments
System Information Viewer is a general Windows utility for dumping lots of useful Windows, Network and hardware info - CPU info, PCI info, USB info, Machine Info, Hardware Sensors, Networked computers, Operating System Information and more...

Version 3.29 released on 14-Feb-2008
Updated SIV for Windows Server 2008 RTM and Windows Vista SP1 RTM.
Updated to use the Windows Vista SP1 WDK (6001.18000) for the SIV drivers.
Updated for the latest (December 2007) Intel® Processor Identification and CPUID Instruction application note (AP-485).
Restored sensor reporting for the Winbond W83781D and similar sensors that do not have an LPC I/O interface.

Command switches and their meaning for SIV V3.29 (10-20-04-14-04-03-10), released 14-Feb-2008:
-KEY Display actual Product Keys rather than XXXXX-XXXXX-XXXXX-XXXXX-XXXXX.
-DMI When doing [Save] also save the machine BIOS to a .DMI file.
-MONITOR Monitor the CPU Temperature, Fan Speed and Voltage information.
-REMOTE Enable network information display and save operations.
-WDF Enable the Windows Driver Framework (WDF) and Driver Model (WDM) related pages.
-WIZARD Enable the Wizard Cursor (Default is -NOWIZARD)
-DELL Enable use of the Dell BIOS Sensor Interface (Default is -NODELL)
-PROMPT Prompt for Username and Password to access remote systems.
-SAVE Do a [Save] of local information and exit. Use -SAVE -REMOTE for Network.
-SCSI Use IRP_MJ_SCSI Driver Internal I/O Controls for the [SMART] pages.
-UPDATE=n Update the CPU speed, time, memory and sensor information every n seconds (default 2).
e.g.: SIV.exe -KEYS

Homepage and Download: http://siv.mysite.wanadoo-members.co.uk/

CoderTools TotalEdit v4.0

0 comments
Looking for a new text editor? A text editor that can edit code, web pages, and hex as well?

Introducing the award-winning TotalEdit. This unique tool allows you to edit in PHP, C, C++, Java, HTML, XML, ASP, JSP, CSS, JavaScript and SQL. From initial design to finished product TotalEdit helps you to turn your ideas into reality.

For more details see our feature list.

See screen shots of TotalEdit features.

Advanced features include:

* Code Folding (inc. HTML & XML)
* Code Navigation
* Code Compare
* Code Backup
* Code Templating
* File System Explorer
* Project/Workspace
* Hex Editor
* Unicode File Support
* Unicode conversion

TotalEdit is FREE now!

Homepage: http://www.codertools.com
Download: http://www.codertools.com/download.aspx

14 February 2008

Bitdefender Labs Antivirus Defense Center

4 comments
Antivirus software - BitDefender - The future of security now!
Maybe they mean yesterday, because before yesterday's updates and some mistakes by the unpacking engine for Inno Setup this month, which were fixed quite fast, it was a top security product.
Packer.XComp.A

BitDefender false positive triggered by using:
the packer/compressor XComp 0.98 and XComp 0.97 (XComp & XPack)
Info:
XComp/XPack: A freeware PE32-imagefile packer/rebuilder
(c)2007 JoKo, Version 0.98 02/18/2007
From:
http://www.soft-lab.de/joko/ExePack.htm

XComp is in some cases better in compression ratio than UPX.
You can compare it yourself:

XComp/XPack PE32-imagefile packer and/or rebuilder - Freeware

UPX: the Ultimate Packer for eXecutables (Freeware) - Homepage

BitSum PeCompact (Commercial, for students limited free) - Homepage


Using LZMA compression, pack some exe and dll files and upload the files to:
VirusTotal - Free Online Virus and Malware Scan

Try upx.exe with parameters --lzma , --best , --ultra-brute
PeCompact highest compression
XComp LZMA method
About NsPack by North Star (Commercial), I think there is nothing to say. Just look at the result in a hex editor and see the chaos in the headers; there is no option to clean up or optimize this mess.

Do they have a research team, or do they just drop the signatures of whole packers into their virus database if enough users submit an infected file,
because someone may have used this packer/compressor to pack some viruses into some program applications...
It is the most ridiculous security system I have ever seen.


Analysis of eMule 0.48a Sins 0.5 packed with XComp 0.98

File size: 1701652 bytes
MD5: 2a3fe800941bd32c7495734ed83dc4e1
SHA1: cf8c09fe40369cf921deb1b4e8128914e04ff9bf

sins.exe

Where is the Virus in this sample???

OllyDbg v1.10

Check the files with:
ExEinfo PE by A.S.L.
follow the unpacking hints
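The triage described above (compare the reported hashes, then check whether the file merely looks packed) as a small script. This is an added example, not code from the original post, ExEinfo PE or XComp; the sample PE it builds is constructed in memory with made-up section names and is not real XComp output.

```python
import hashlib
import math
import struct
from collections import Counter

def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant block, 8.0 for uniformly distributed bytes."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def parse_sections(pe):
    """Walk the PE section table; return (name, virtual_size, raw_size, raw_bytes) per section."""
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]           # e_lfanew
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", pe, pe_off + 6)[0]       # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", pe, pe_off + 20)[0]  # COFF SizeOfOptionalHeader
    sections = []
    for i in range(nsec):
        hdr = pe_off + 24 + opt_size + 40 * i                # 40-byte IMAGE_SECTION_HEADER
        name, vsize, _va, rsize, rptr = struct.unpack_from("<8sIIII", pe, hdr)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize, pe[rptr:rptr + rsize]))
    return sections

def triage(pe):
    """Hashes to compare against a VirusTotal report plus per-section packing hints."""
    report = {"md5": hashlib.md5(pe).hexdigest(), "sha1": hashlib.sha1(pe).hexdigest(), "sections": []}
    for name, vsize, rsize, data in parse_sections(pe):
        ent = shannon_entropy(data)
        # Compressed code is near-random (entropy > 7) and a packer's unpack area is large
        # in memory but empty on disk; both say "packed", neither says "malicious".
        packed = ent > 7.0 or (rsize == 0 and vsize > 0) or vsize > 4 * rsize
        report["sections"].append({"name": name, "entropy": round(ent, 2), "raw": rsize,
                                   "virtual": vsize, "packed_hint": packed})
    report["looks_packed"] = any(s["packed_hint"] for s in report["sections"])
    return report

def build_sample_pe():
    """Constructed stand-in for a packed EXE (not real XComp output): PE32 headers,
    one high-entropy section on disk and one empty section reserved for unpacking."""
    payload = bytes(range(256)) * 4                       # every byte value 4 times -> entropy 8.0
    opt = struct.pack("<H", 0x10B) + b"\0" * 222          # zero-filled PE32 optional header
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)    # e_lfanew -> PE header at 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, len(opt), 0x0102)
    sec1 = struct.pack("<8sIIIIIIHHI", b".packed", 0x1000, 0x1000, len(payload), 512, 0, 0, 0, 0, 0xE0000020)
    sec2 = struct.pack("<8sIIIIIIHHI", b".unpack", 0x20000, 0x3000, 0, 0, 0, 0, 0, 0, 0xC0000080)
    return (dos + coff + opt + sec1 + sec2).ljust(512, b"\0") + payload  # headers end at 392 < 512
```

Run `triage(open("sample.exe", "rb").read())` on a real file; if the MD5/SHA1 match the VirusTotal entry and only packing hints show up, the next step is unpacking and rescanning, not trusting the packer-name detection.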


BitDefender's unpacking engine mistakes: scanning an Inno Setup file - Instyler Module 9!
Problem resolved within 2 hours by the 3 following signature updates:

G DATA InternetSecurity 2008 v12 3-user - and all problems are gone?!


G DATA InternetSecurity 2008
TotalCare2008_ESP_COV.exe
GDIS2008_COV_ESP.exe
GDAV2008_COV_ESP.exe
GDAV2008_COV_FRA.exe
TotalCare2008_FRA_COV.exe
GDIS2008_COV_FRA.exe
GDAV2008_COV_ENG.exe
TotalCare2008_ENG_COV.exe
GDIS2008_COV_ENG.exe
TotalCare2008_GER_COV.exe
GDAV2008_COV_GER.exe
GDIS2008_COV_GER.exe

Trial 30 days:

All-round protection against all dangers from the internet!
Info English: http://www.gdata.de/trade/GB/productview_technische/820/16/
Info German: http://www.gdata.de/unternehmen/DE/archive/160/
3 PC licenses: € 53,95

Armadillo BitTorrent mods infection with G Data - dual engine scan!!!
"I've seen that with BitDefender already: these Armadillo BitTorrent mods try on their own to phone out even if they are not started, and run free if an access rule has been created in the firewall"

BitDefender Antivirus software false positive Packer.XComp.A

4 comments
Dear blog readers,

Bitdefender antivirus signatures from 13 February 2008 onwards report files compressed with the exe packer XComp/XPack (freeware PE32-imagefile packer/rebuilder by JoKo, version 0.98 as well as 0.97) as the virus Packer.XComp.A.
Info: http://www.soft-lab.de/joko/ExePack.htm

This affects not only some packed files here but entire software portals as well as some freeware developers who packed their programs with it to get around the virtual monopoly of "UPX" in the freeware sector, or who simply use the XComp packer as an alternative, and who also get better performance with XComp on some files.

Why a virus named Packer.XComp.A has been brought into being by Bitdefender, from the company Softwin in Romania, is unclear, but presumably it is due to a simple lack of knowledge on the part of its developers of how programs packed with XComp/XPack can be unpacked, or to a missing scan engine that can handle this at the present time.

If Bitdefender is used as the antivirus solution and now shows this false positive report with the updates, the following solution suggests itself:

- Switch AV, which is unavoidable if entire directories or very many files were packed with XComp, since Bitdefender offers no filter settings for the detection of a single virus signature, for lack of configuration options. However, almost all other antivirus solutions, in particular Symantec Corporate Client/Server, offer this.

- Unpack the affected files with RL!dePacker from http://ap0x.jezgra.net
Some universal unpackers, particularly those with UPX-like features, may possibly
be an alternative to RL!dePacker.

XComp/XPack uses no software protection mechanisms at all, yet Bitdefender has apparently, for lack of a scan engine, marked it as a virus.

It should be noted that business and freeware apparently enjoy an inexplicable reputation in Romania. Especially in the case of a freeware site without advertising, it could lead the developers there to conclude that it must then be something harmful, especially with compression software.

We have been using BitDefender for over 2 years and compressed entire directories, in comparison with UPX and PECompact, with the already more than one year old version of XComp/XPack; however, its product BitDefender Business Security went over them yesterday with a deletion action.


Test file BitTorrent.exe, upx -d and packed with XComp:
bittorrent.exe [568.27 KB]
Result: http://www.virustotal.com/ro/analisis/d7580b66560471ce5f5aafe7a9ae786d
A great example: upx.exe packed with XComp, 265.19 KB
upx.exe false positive, packed, as Packer.XComp.A

With this, the question I ask myself about antivirus firms and their security products:
Are the most packers listed, for example, in ExeInfo PE ver. 0.0.1.8 E (360 signatures) by A.S.L. really virus producers, or just a flop drag-and-drop signature from the packers, because some people pack viruses together with them into files, so these packers/compressors are identified as viruses in their positive virus databases just like Packer.XComp.A?

Logically, it saves a lot of time to put whole packers by string/signature in the AV database rather than examine the truth inside the packed files and check new/old packer/compression programmers; if it's freeware but not open source, must and should it be hosted on sourceforge.net, or be a commercial packer/compressor, for AV companies to fit it into their concepts?!??!!!

If this is true, I think maybe the AV security systems need to get reformed, not only by following reports in language-localized PC magazines: AV vs. AV, false positive %, price/value, quality of research labs.
Support/Forum/Phone: ... Thanks for the advanced, friendly English language knowledge together with the basic product and computer knowledge, just like from teaching books, by the support team, or was it the sales team.
Not by asking the simple questions but by these kinds of difficult questions where they have no answers
..!

After a lot of testing, it's incredible: as soon as you put other signatures into files, nearly all AVs go crazy and show different results. Such things as an anti-cheat mechanism are not known. You can scare unwanted users if you just put the signature from a virus into files but not the virus itself. A very private kind of protection.
