Malware Cleaning Disc version 09
Infohash:
7ED62262C039585A2A4DA6F93ED90298A5965F70
Type:
Applications
Title:
Malware Cleaning Disc version 09
Category:
Applications/Windows
Uploaded:
2008-02-04 (by gobbin1)
Description:
Please seed and read the introduction before commenting...
-Malware Cleaning Disc ver. 9-
by: gobbin1
Release Date: February 05, 2008
System: (primarily) NT/2K/XP
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MCD is an anti-malware toolkit intended for experienced
computer users. The purpose of this compilation is to
provide an array of powerful malware analysis, detection,
removal, and prevention software in one download. Also
included, are some relevant system utilities. This can
make for a good emergency disc, a disc for cleaning
friends' computers and preventing subsequent infection, or a
good starting point for those interested in computer security.
The majority of files included are freeware standalones. If
you like a program in this release, give some well deserved
thanks to its developers by donating to them.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please note: each time this disc is released, someone invariably
becomes alarmed when their anti-virus program alerts them of an
infected file. AVs use heuristic analysis, which
is basically a generic method for catching new malware. The
problem is that an AV cannot tell what purposes a certain
application or string of code is being used for. For example, look
at what the author of an included tool, SmitFraudFix, says on his
site:
From: http://siri.geekstogo.com/SmitfraudFix.php
"process.exe is detected by some antivirus programs (AntiVir,
Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a
program used to stop system processes. Antivirus programs
cannot distinguish between "good" and "malicious" use of
such programs, therefore they may alert the user."
http://www.beyondlogic.org/consulting/processutil/processutil.htm
*********************************************************************
Before making any alarmist posts, google the filename and see
if you can find information on the file in question, see the author's
page (often linked), e-mail it to your AV company, etc. There is
no malware in this release!
A big reason for the continued release of this kit is precisely
because many people view their AV program or Firewall as a magical,
complete security solution. Neither of them is!
*********************************************************************
MCD Release History:
v 1 - Oct 01, 2006
v 2 - Oct 03, 2006
v 3 - Oct 06, 2006
v 4 - Oct 15, 2006
v 5 - Nov 15, 2006
v 6 - Dec 18, 2006
v 7 - Jan 07, 2007
v 8 - Mar 03, 2007
v 9 - Feb 05, 2008
I. File Analysis
II. Anti Virus
III. Backups, Uninstallers, Undeletors
IV. Browsers
V. Encryption
VI. Firewalls
VII. General Cleaning Tools
VIII. GRC.com tools
IX. Guides
X. Hardware Tools
XI. Internet Tools
XII. Malware Programs/Tools
XIII. Rootkit Detection
XIV. Sysinternals
XV. System Tools
XVI. Trojan Removers
I. ANALYSIS TOOLS:
DeDe - A nice program that lets you analyze executables created with Delphi,
versions 2-6.
http://www.softpedia.com/get/Programming/Debuggers-Decompilers-Dissasemblers/DeDe.shtml
DiE (Detect it Easy) - A utility that scans for packing method.
http://hellspawn.nm.ru/
HxD - A very lite and fast hex editor. Also has a system RAM editor.
See the site for the full (lengthy) list of features.
http://mh-nexus.de/hxd/
ExcpHook - An exception monitor for Windows (alpha).
http://code.google.com/p/openrce-snippets/wiki/ExcpHook
IDA Pro - A demo version of one of the most powerful decompilers
out there.
http://www.hex-rays.com/idapro/
Import Reconstructor - Recreate an EXE file's imports if it has a broken PE header.
http://vault.reversers.org/ImpRECDef
JAD - A freeware, command line decompiler for java files.
http://www.kpdus.com/jad.html
OllyDbg - A very nice assembly level debugger for win32 files.
http://www.ollydbg.de/
PEid - Some more advanced file encryption, build, entry point, etc info.
Useful for looking at obfuscated files.
http://peid.has.it/
PE Tools - PE editor, task viewer, win32 file optimizer and more analysis,
compiling, & packing tools. [includes extreme dumper extension]
http://www.uinc.ru/
RDG Packer Detector - A packer detector, of course.
http://www.rdgsoft.8k.com
Reflector for .NET - This handy tool lets you decompile .NET assemblies
in C# or Visual Basic.
http://www.aisto.com/roeder/dotnet/
Resource Hacker - A utility for editing and inspecting resources of .exe files.
Useful for preliminary inspection of suspicious files. Can also be used to
customize context menus/graphics in some executables.
http://www.angusj.com/resourcehacker/
Truman - An excellent boot program that lets you test files in a 'sandnet'.
Truman even creates a virtual internet for files to interact with, so you can
test files without harming your machine. [useful for malware that can detect
the commonly used programs VMWARE and Virtual PC]
http://www.lurhq.com/truman/
II. ANTI-VIRUS: For info, see http://www.av-comparatives.org/
1. Programs:
Antivir - This consistently ranks as one of the best anti virus apps,
and it's free for personal use.
http://www.avira.com/
AVG Anti-Virus - I'd say the second best free anti-virus application.
However, Antivir has slightly better detection rates.
http://free.grisoft.com/
******
2. Standalone Scanners:
Dr. Web CureIt! - A nice standalone scanner with comprehensive definitions.
http://www.freedrweb.com/
Norton Remover - A small tool that completely removes Norton bloatware
from a system.
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2005033108162039
PREVX CSI - A standalone virus scanner that uses Prevx's definition file.
http://www.prevx.com/freescan.asp
Sec Check - A small tool that scans for active viruses, trojans, and
worms. Your results are sent online and scanned by F-Secure and
Clam AV. The results also display a projected scan accuracy for
each file.
http://www.mynetwatchman.com/tools/sc/
Stinger - A small program that scans for ~40 viruses and their variants.
http://vil.nai.com/vil/stinger/
Vcleaner - A tool from the makers of AVG that detects over 700 viruses
and variants.
http://free.grisoft.com/
III. BACKUPS, Uninstallers, Undeletors:
ERUNT - A registry backup program.
http://www.larshederer.homepage.t-online.de/erunt/
FreeUndelete - A free, though not terribly powerful data recovery tool.
http://www.officerecovery.com/freeundelete/
Mozy Remote Backup - 2gb of free online file backup
https://mozy.com/registration/free
Restoration - Recover files deleted from the recycle bin.
http://majorgeeks.com/Restoration_d4474.html
Revo Uninstaller - An advanced freeware program uninstaller. Includes extra removal
features, like scans of the hard disk and registry to find extra pieces a regular uninstall
misses.
Unstoppable Copier - Recover files from damaged sources (i.e., CDs).
http://www.roadkil.net/
Yadis - A light, powerful, & easy to use backup program.
http://www.codessentials.com/
ZSoftUninstaller - An advanced freeware program uninstaller. Includes extra removal
features, like scans of the hard disk and registry to find extra pieces a regular uninstall
misses.
IV. Browsers:
-Firefox 2.0.0.11 installer and some handy extensions.
http://getfirefox.com
1. Adblock Plus - Automatically remove advertisements from pages.
2. Bugmenot - bypass login on many sites using right-click.
3. Customizegoogle - many different google customization and
privacy features.
4. NoScript - This blocks javascript for every site unless you
specifically allow it. Proper use of this adds a huge layer of
security.
5. StumbleUpon - Select your interests from a long list, and
this addon will let you 'channel-surf' the web.
6. IE Tab - View pages in IE through Firefox!
-Opera - A very fast, stable, powerful, and light web browser. The
learning curve is rather steep though! (version 9.25)
http://www.opera.com/
V. ENCRYPTION:
AxCrypt - An easy to use, 128-bit encryption program.
http://axcrypt.axantum.com/
Bcrypt - A 63kb command line application that provides 448-bit,
blowfish encryption.
http://bcrypt.sourceforge.net/
DiskCryptor - A high quality freeware application that lets you encrypt
your entire hard drive or just certain files. Also, this is compatible
with TrueCrypt!
http://www.softpedia.com/get/Security/Encrypting/DiskCryptor.shtml
TrueCrypt - A program that provides low and high grade encryption,
with plenty of algorithms to choose from.
http://www.truecrypt.org/
VI. FIREWALLS:
Comodo Firewall - A full-featured, easy to use, freeware
firewall. Includes application/component monitoring, self-protect,
application behavior analysis, etc.
http://personalfirewall.comodo.com/
GhostWall - A more basic freeware firewall, designed to be a quality
replacement for the one built into Windows XP and up.
http://www.ghostsecurity.com/ghostwall/
Jetico - Here is a freeware alternative to Outpost. This firewall
has tested very well at http://firewallleaktest.com. Intermediate/
advanced level. At first a bit tough to use, but provides solid
protection.
http://www.jetico.com/
Outpost Free - The last freeware version of Outpost for intermediate/
advanced users. Takes up less system resources than the pro version,
though not as rich in features.
http://www.agnitum.com/
VII. GENERAL CLEANING TOOLS:
ATF-Cleaner - A small standalone temp file cleaner from atribune.
http://www.atribune.org/content/view/19/2/
CCleaner Slim - Comprehensive deleting of temporary data. Also lets
you scan for unneeded dll files. The slim version comes sans Yahoo!
toolbar.
http://www.ccleaner.com/
Eusing Registry Cleaner - Though not as powerful as JV16, this freeware
cleaner is one of the better alternatives.
http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
JV16 Powertools Free - The last freeware version of this program was
almost as powerful as the latest release.
http://oldversion.com/program.php?n=jv16
JV16 Powertools 2006 - Comprehensive assortment of registry and file
cleaning/defrag utilities. You can even program your own scripts and
automate things like mass file renames with it. The installer includes
a detailed pdf handbook.
http://www.jv16.org/
MRU-Blaster - Very comprehensive and customizable deletion of MRU
files from recently opened files lists. (note: this app does not delete
the actual files)
http://www.javacoolsoftware.com/mrublaster.html
NTREGOPT - A registry optimizer.
http://www.larshederer.homepage.t-online.de/erunt/
VIII. GRC APPS:
Some very small apps from http://grc.com that take care of some
potentially dangerous features of Windows XP.
-DCOMbobulator
-Shoot the Messenger
-Socket Lock/ Socket to me
-Unplug n' Pray
-Leaktest
IX. GUIDES:
XP Services Guide - A guide with detailed info on XP services.
Can greatly improve system performance & security.
Guide to testing system security/performance - Provides
links to online browser exploit tests, firewall tests, virus tests,
internet speed & optimization tests, some security support forum
links, and more.
Quick Scan Guide - A small guide that tells you how to do a quick
& fairly comprehensive malware scan using some of the tools included
in this kit.
X. HARDWARE TOOLS:
AIDA32 - Complete system information utility.
http://www.majorgeeks.com/download181.html
Cburst32 - Measure bandwidth/latency of computer memory/cache.
http://user.rol.ru/%7Edxover/cburst/
CPU-Z - A modern system info tool. Provides detailed motherboard info,
voltage, core speed, bus speed, processor info, and more.
http://www.cpuid.com/cpuz.php
HDspeed - Test hard drive read/write speed.
http://www.steelbytes.com/?mid=6
KILLCMOS - Allows you to reset a forgotten BIOS password.
http://www.softpedia.com/get/System/System-Miscellaneous/KILLCMOS.shtml
Memtest - A small program that checks a system's RAM.
http://www.memtest86.com/
PI Benchmark - Benchmark system speed by seeing how long it takes
for a machine to calculate pi to a certain amount of digits. Many programs
like this use different methods, so results may vary. See the website for
more info.
http://momonga.t.u-tokyo.ac.jp/~ooura/pi_fft.html
PCI32 - Allows you to explore PCI/AGP/etc. at a very detailed level.
http://members.datafast.net.au/dft0802/downloads.htm
ScienceMark - A 'realistic stressing', freeware system benchmarking tool.
http://www.majorgeeks.com/Science_Mark_d2835.html
Speedfan - Check system temperatures, voltages (and even overclock
your machine)
http://www.almico.com/speedfan.php
XI. INTERNET TOOLS:
HardenIT - An excellent program that helps protect a computer from
several types of internet attacks. This takes care of many common
attack pathways.
http://www.sniff-em.com/
HOSTS File Reader - Helps you change, edit, and scan the hosts file for wrong paths.
http://subratam.org
IP Tools - 20 network analysis tools. Some of these tools are in
the Console Tools.
http://www.ks-soft.net/ip-tools.eng/index.htm
LSPfix - Used to regain internet connectivity (some CWS
strains leave you unable to connect!) [*note: if you have spybot
installed, it has this feature built in]
http://cexx.org/lspfix.htm
ProjectWhois - A program that will automatically whois all ips a computer is connected to.
http://www.projectwhois.org/
Proxomitron - Makes your true computer identity incredibly hard to
decipher by passing through multiple proxy servers.
http://www.proxomitron.info/
Putty - A telnet & SSH client.
http://www.chiark.greenend.org.uk/~sgtatham/putty/
Sandboxie - Creates a 'virtual sandbox' to prevent data loss that can occur
while online (p2p, browsing...)
SecureIT - Another excellent tool similar to HardenIT. This one proactively
prevents many known and unknown exploits.
http://www.sniff-em.com/
SNORT - Widely used network analysis software. Track malware, attacks, etc.
http://www.snort.org/
Tor - An excellent program that helps anonymize internet surfing, instant
messaging, SSH and more. Their userbase is now in the hundreds of
thousands.
http://tor.eff.org/
Windows Worms and Doors Cleaner - a simple tool that lets you close
ports that trojans commonly use.
http://www.firewallleaktester.com/wwdc.htm
WinsockxpFix - An XP specific application similar to LSPfix.
http://www.majorgeeks.com/download4372.html
XII. MALWARE:
1. General Scanners/Tools:
AIMfix - Excellent tool that removes all known AIM viruses
and malware.
http://jayloden.com/aimfix.htm
BHOlist - Merijn's application that shows the toolbars you have
installed. It also downloads a comprehensive list of malware toolbars
so you can make sure yours are safe.
http://merijn.org/programs.php
Brute Force Uninstaller - Simple scripting app that allows you to execute
commands. This is good for uninstalling stubborn programs/files.
http://www.spywareinfo.com/~merijn/programs.php#bfu
Bug Hunt - Small utility that detects 4,200+ unique types of malware executables.
http://bughunter.it-mate.co.uk/
ComboFix - An oft-used advanced scanner that helps identify some nasty types
of malware.
http://forums.majorgeeks.com/showthread.php?t=134965
Deckard's System Scanner - This is an updated version of ComboFix (also included
in this kit).
http://www.geekstogo.com/forum/index.php?autocom=downloads&showfile=19
DLLCompare - Detects hidden dlls as often left by CWS spyware and other
malware, but only scans the System32 folder.
http://www.cybertechhelp.com/download/file/dll-compare
Ewido Microscan - A small but powerful standalone malware scanner.
http://www.ewido.net/en/onlinescan/
Get Services - A small utility that lets you analyze XP services in detail, to
ensure that none are malware.
http://www.bleepingcomputer.com/files/getservices.php
HijackThis! - Well known spyware/malware assessment tool. Need help
analyzing your logfile? Look here: http://www.hijackthis.de/
http://merijn.org/programs.php#hijackthis
HOSTS file - This comprehensive file blocks known malware sites from
connecting to your computer. On Windows XP/2K, this can slow down
internet speed - here is the solution to this:
http://www.mvps.org/winhelp2002/hosts.htm
Editor's Note: in most cases a large HOSTS file (over 135 kb) tends to slow
down the machine. This only occurs in W2000 and XP. Windows 98 and ME
are not affected.
To resolve this issue (manually) open the "Services Editor"
* Start | Run (type) "services.msc" (no quotes)
* Scroll down to "DNS Client", Right-click and select: Properties
* Click the drop-down arrow for "Startup type"
* Select: Manual, click Apply/Ok and restart.
MGTools - An advanced malware detection app from MajorGeeks. See the link
for instructions.
http://forums.majorgeeks.com/showthread.php?t=137630
Neo's Safekeys - An onscreen keyboard useful for bypassing keyloggers.
http://wiki.castlecops.com/Lists_of_freeware_antikeyloggers
PV Find - Another general malware scanner. Useful for removing recent CWS
variants.
http://www.subratam.org
RegASSASSIN - Delete stubborn registry keys!
http://malwarebytes.org
RogueRemover - A tool that removes a long list of 'rogue anti-spyware' products.
These products do not protect well, are prone to false positives, and can be a pain
to remove. See the Guides section for a link to a Rogue spyware reference base.
http://www.malwarebytes.org/rogueremover.php
SDFix - An advanced system scanner for tracking down changes due to malware infection.
http://downloads.andymanchesta.com/RemovalTools/SDFix_ReadMe.htm
Show New - Excellent tool that logs system modifications of the last
90 days only.
http://forums.majorgeeks.com
Silent Runners - A VB Script that helps detect hidden startup files.
http://www.silentrunners.org/
Spybot S&D - I like this better than Ad_Aware. Includes some IE hijack
protection (blocking bad hosts, easy locking of the HOSTS file, teatimer
to monitor system changes, and many other tools)
http://www.safer-networking.org/
Startup List - Merijn's more in depth application for detailed scrutiny
of possible hijack points/system settings.
http://merijn.org/programs.php#startuplist
WinPFind - Another good general malware scanner, though it can come
up with some false alarms.
http://www.bleepingcomputer.com/files/winpfind.php
2. Malware Specific:
2 Brute Force Uninstaller scripts that automate removal of: Alcan, EDGA.
http://forums.majorgeeks.com
About:Buster - Small app that cleans the many variants of this Internet
Explorer malware (CWS related).
http://www.malwarebytes.org/aboutbuster.php
Apropos Fix - Removes the Aprop malware.
http://forums.majorgeeks.com/showthread.php?t=77765
CHODE Fix - gets rid of this malware.
http://forums.majorgeeks.com
CWSshredder - A tool that cleans some CWS variants.
http://www.intermute.com/spysubtract/cwshredder_download.html
Cydoor Dummy dll - Some programs won't run if you delete Cydoor's
cd_clint.dll; replace yours with the dummy file to stop ads and keep
program functionality!
http://www.cexx.org/dummies.htm
E2Takeout - Removes the E2Give malware.
http://www.malwarebytes.org/
Fix Wareout - A small program that removes Wareout and related spyware.
http://subratam.org/main/
KazaaBegone - Removes all the leftovers Kazaa uninstallation misses.
http://merijn.org/programs.php#kazaabegone
Look2me Destroyer - Removes the most recent versions of the malware.
http://www.atribune.org/content/view/28/
QooFix - Removes the QooLogic malware.
http://www.malwarebytes.org/qoofix.php
Sidekick Fix - Gets rid of this malware.
http://forums.majorgeeks.com
Smit Remove - Remove Smit, and related malware.
http://subratam.org/main/
Smitfraudfix - Another tool to remove this annoying malware.
http://siri.geekstogo.com/SmitfraudFix.php
Sp.html-Se.dll Fix - Removes this hijacking malware.
http://derbilk.de/malware/index.php
Viewpoint Killer - Uninstalls this riskware.
http://prprogramsstudios.us.tc/
VX2 Finder - I've included two versions of this tool to eradicate all
VX2 malware.
http://www.subratam.org
XIII. ROOTKIT TOOLS:
Some standalone scanners:
--DarkSpy - http://www.fyyre.net/~cardmagic/index_en.html
--GMER - http://gmer.net/
--IceSword - http://www.blogcn.com/user17/pjf/index.html
--RootkitRevealer - http://www.sysinternals.com/Utilities/RootkitRevealer.html
--RKunhooker [last version] - http://www.rku.xell.ru/
--ROOTCHK - http://www.ejvindh.net/
-HIPS SOFTWARE:
DefenseWall - This is one of the best malware prevention programs that uses HIPS.
Very light on resources, and no signature file updates needed. 30-day trial
shareware version.
http://www.softsphere.com/
WinPooch - A freeware, open source HIPS program.
http://winpooch.free.fr/page/home.php?lang=en&page=home
ProSecurity Free - Another freeware HIPS program. This has a slightly higher
range than WinPooch. For more details, see here: http://wiki.castlecops.com/HIPS/IDP_programs/services
http://www.proactive-hips.com/
-ROOTKIT SPECIFIC:
Aries Remover - Removes the rootkit technology distributed on over 4 million
Sony CDs.
http://www.majorgeeks.com/Lavasoft_ARIES_Rootkit_Remover_d4912.html
Gromozon Remover - A tool that removes all variants of this rootkit.
http://www.prevx.com/
-OTHER TOOLS:
FileChecker - A program that monitors files & folders that you specify for changes.
http://www.javacoolsoftware.com/filechecker.html
Rustock.b Fix - Gets rid of this newer rootkit.
http://forums.majorgeeks.com
XIV. SYSTEM TOOLS:
Bugoff! - Merijn's app for fixing 10 critical IE vulnerabilities that
haven't been patched (all fixes are undoable). Prevents many CWS
variants from infecting a computer.
http://merijn.org/programs.php#bugoff
Console Tools - A zip file with 25 very small and handy tools: getip,
cpuinfo, adapters, BIOSdump, and so on. See the link for a complete list.
http://www.wilderssecurity.com/showthread.php?t=110265
Dial a Fix - This simple utility makes things like re-registering
commonly used dll's very simple. For example, it re-registers
files that could cause Windows Update or Windows Media Player
to stop functioning.
http://djlizard.net/
FileFind - Search specific folders or drives for a file
http://pagesperso-orange.fr/eitang/myinfo.htm#filefind
IBProcman - Merijn's Itty Bitty Process Manager. This is handy when
some piece of malware shuts down your anti-virus. Use this to kill it!
http://www.spywareinfo.com/~merijn/programs.php#ibprocman
IEfix - A small utility that can help fix IE if it's not functioning properly.
http://windowsxp.mvps.org/IEFIX.htm
InCtrl5 - A program that logs all file and registry entry changes/additions made
by a program install to an html file. This way you can completely undo a
program install.
http://www.devhood.com/public.aspx?user_id=0003BFFD809BA4EB
InUse - A Microsoft utility that lets you replace files that are currently in use.
http://download.microsoft.com/download/winntsrv40/Utility/1.3/NT4/EN-US/inuse.exe
Killbox - A neat little program that deletes stubborn files.
http://killbox.net/
John the Ripper - A program that's useful for recovering XP passwords.
Especially useful for accessing the main admin account of a machine you're
working on, since some users don't remember their passwords.
http://www.openwall.com/john/
Microsoft Baseline Security Analyzer - A more comprehensive windows
update. Scans for uninstalled system/MS Office patches and gives other
security suggestions.
http://www.majorgeeks.com/Microsoft_Baseline_Security_Analyzer_d4105.html
nLite - Well known program that lets you customize your windows installs
by deleting features you don't use and creating a new ISO. It requires
the .NET platform and works for Windows XP/2003. You can even integrate
hotfixes, drivers, and tweaks into the install.
http://www.nliteos.com/
NTFS Reader - An NTFS reader for DOS.
http://www.ntfs.com/downloads/readntfs.zip
PC De-Crapifier - This fully uninstalls a lengthy list of programs that
are bloatware - large programs that hog resources and for which
better, more efficient alternatives exist. This is specific for the
programs that come on Dell PCs, but can be used on any computer
with any of these programs. See full list:
http://www.yorkspace.com/pc-de-crapifier
Powerdefragmenter - Uses (the included) sysinternals file contig.exe to make
a GUI defragmenter.
http://www.excessive-software.eu.tt/
ProcessUtil - A command line process viewer/killer.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
RegCool - A powerful, light, freeware registry editor.
http://www.majorgeeks.com/download1285.html
Safe XP - Small app that secures against many little 'holes' in IE,
Windows Media Player, MS Office, Windows Services, TCP, and more.
http://www.theorica.net/safexp.htm
Security & Privacy Complete - A program that complements Safe XP and x_py.
This includes a number of extra security & configuration options for Windows,
Firefox, and systems settings.
http://sourceforge.net/projects/cmia
ShellEx View - A convenient way to view and edit shell extensions.
http://www.nirsoft.net/utils/shexview.html
StatBar - A small program that provides tons of vital system stats.
http://www.statbar.nl/
Unknown Devices - Makes identifying unknown drivers on a pc much easier.
http://www.halfdone.com/
Visual Basic 6 Runtimes (XP) - The latest version of the VB Runtimes.
Needed if you get errors when running some of these programs.
http://www.microsoft.com/downloads/details.aspx?FamilyID=bf9a24f9-b5c5-48f4-8edd-cdf2d29a79d5&DisplayLang=en
WindirStat - Useful program for seeing what's taking up your
hard drive space.
http://windirstat.info/
x_py - A very small utility that complements Safe XP quite well.
This one has lots of extra performance, security, and general
customization settings.
http://xpy.whyeye.org/
Xplorer2 - An alternative to Windows Explorer.
http://zabkat.com/
XV. SYSINTERNALS: http://www.sysinternals.com/
AccessEnum - Displays who has access to files or registry keys in a
specific folder/part of the registry. Good for tightening user permissions.
Autorun - A small utility that gives you detailed autorun, boot execute,
winlogon, winsock providers, and more.
Contig - A small, command line defragmenter.
DiskMon - Monitor harddisk activity.
Filemon - Detailed monitoring of disc activity in real time.
Handle - Find out what program has a certain file/dir open.
PageDefrag - Defragment the Windows Page file.
Process Explorer - An advanced process manager from sysinternals.
Procmon - Monitor the processes on a computer in real-time.
PsTools - Includes the following tools: Psexec, Pskill, Psfile, Pssuspend,
and more.
Regmon - Similar to Filemon. Monitor registry activity in real time.
Sdelete - A small tool for secure file deletion.
Sigcheck - Provides file version info and verifies digital signatures of files.
Strings - Scan a file for unicode/ascii strings.
Sync - Flush cache data to disk.
TcpView - Shows tcp and udp endpoints.
TdiMon - Monitor tcp/udp activity.
XVI. TROJANS:
a2 Free - An excellent program to detect trojans, backdoors, and
spyware [this program has no real time scanning].
http://www.emsisoft.com/en/
Peper Fix - Removes the Peper trojan.
http://subratam.org/main/ (Option Explicit Software)
Trojan Remover - Small, well-updated shareware application for trojan
detection/removal (although any of the AVs plus other small, freeware
tools I've included most often do the job) - 30 day trial
http://www.simplysup.com/
VundoFix - Removes the Vundo trojan.
http://www.atribune.org/
Files count:
199
Size:
238.56 Mb
Trackers:
udp://tracker.openbittorrent.com:80
udp://open.demonii.com:1337
udp://tracker.coppersurfer.tk:6969
udp://exodus.desync.com:6969
Comments:
gobbin1 (2008-02-14)
Of course you didn't bother looking into what these files were, and assumed your anti-virus was correct. But IT WASN'T; IT'S A FALSE POSITIVE. Maybe you should READ THE INTRODUCTION. Here are the files your AV most likely flagged:
1. KillCMOS - This helps you reset a bios password. Here's what the OFFICIAL DOWNLOAD FROM SOFTPEDIA.COM SAYS:
"Note: Some antivirus and antispyware programs flag KILLCMOS as being infected/malware, although the application is perfectly safe and does not pose a threat to your system. This is called a 'false positive'. The term false positive is used when antivirus software wrongly classifies an innocuous ( inoffensive ) file as a virus. The incorrect detection may be due to heuristics or to an incorrect virus signature in a database. [Similar problems can occur with antitrojan or antispyware software.]"
http://www.softpedia.com/get/System/System-Miscellaneous/KILLCMOS.shtml
2. SmitFraud Fix - If you had read the introduction, you would already know that this will give a false positive, but HERE IT IS AGAIN.
"Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user."
http://siri.geekstogo.com/SmitfraudFix.php
3. ProcessUtil - The detection here is the SAME as in #2, because SmitFraud Fix uses process.exe to shut down malware processes.
http://www.beyondlogic.org/consulting/processutil/processutil.htm
If you have any other complaints i'll be happy to prove you wrong, but how about YOU DO SOME INVESTIGATION INTO IT.
Admin-Draconis (2008-03-05)
Malware found!!
Tactcom (2008-06-22)
Cheers; gobblin - do you happen to know where i can find a copy of the Lspeed client?
D9N (2008-06-23)
smitfraudfix is always found as virus/spyware/trojan in almost all antivirus programs... but it's not ...
CHKDSK (2008-07-20)
tweakin4daze is just jealous ;P in fact i tasted it yummy craze N goody chunky bits :P & it cleaned my wickedness haha. now tweakin4daze go under yar mum's skirt and ask for sum lollipop :)
chooibah (2008-12-13)
If you find a potential virus in this torrent then surely it would make sense to investigate it.... wouldn't it? After all if you are downloading this then I would presume there would be a degree of technical ability??
Gobbin1, looks like you've really put some effort into this compilation and kept everything legal too! Downloading at the moment, just wanted to thank you for your efforts as it looks awesome.
You could add FileASSASSIN or maybe instructions on using PendingRenameOperations to delete on reboot (not sure how these methods compare to KillBox) and maybe Malwarebytes' Anti-Malware.
Thanks Again!
awudu (2009-02-11)
gobbin, why didn't you put this in an iso form so people can go offline (safe mode) and scan for viruses, malwares, spyware and perform other tasks of the ISO bootable disk?
Darkdevild25 (2009-02-15)
there is a trojan inside! i got an alert > trojan removed!
Trojan!!!