none
Venak & Avenak Detection Scanner Beta Version 1

    Question

  • For future, for the maximum of security, I think tomorrow we must accept the trust every day.
    In today, anything can convert to something like that threat.

    Venak & Avenak Detection Scanner Beta Version 1 is tool for protection your system form some threat files likes spys, viruses, worm and rootkits.

    You do not need to install a driver; we use simple methods and trick to find threats.

    You can download it form https://www.rootkit.com/vault/neocrackr/v.rar

    Use it and enjoy – any bug Please send to Email thecrackers_group <>at<> yahoo <>Dot CA


    Introduction

    Venak & Avenak scanner is tool for protection your system form some threat files likes spys, viruses, worm and rootkits.

    It reality this is a detection tool.
    This tool also use from a new technology that called MPS (Main Protection System).

    In fact Main Protection System or MPS is a cause and effect system.
    MPS is a logical system.

    The MPS like a tracer, any Service, process or Driver has own
    File, with this method we will trace route any threat or function on windows.


    Basic Features

    All events likes:
    • Processes (Heaps, Modules, Handlers, Threads, Processes Addresses and Process Sign)
    • Md5 Signature
    • List of Derivers in system with their states
    • Unloading Kernel Drivers
    • Services
    • All active Ports ( TCP/UDP)
    • Files types
    • Give Handlers ( Explorer's name , Page's Name , Hwnds)
    • Event log monitoring
    • Startup files
    • Explorer files
    • Explorer Registry keys – Beta 2
    • Monitoring ports and users – Beta 2


     

    Extra Features

    • Sensitive strings

    The sensitive string is way for finding some viruses that makes same name likes Svchost, Lsass, Winlogon and many other original windows functions, if any process has same name like those the Program makes an alert and shows a security threat.

    For example if any process be in "C:\windows\" and have "svchost" name it's already a threat.

    You can audit this method and make the special sensitive for yours.
    When the system finds any problem, makes an alert.


    • Analyzing the Processes with PID Brute Force

    Some rookits try to hide own Process PID, with this trick we can find these processes.

    Some tools like Fu and some Hidden Processes with an SSDT Hook use this method to hide them self.
    Also these tool use by changing in NewZwQuerySystemInformation functions and analysis the results and filter them.

    They try to change the query of these process lists and when we are using by some basic function in "kernel32.dll" we see the filter result.

    As this point we can find the other tools like some protection tool for example: Rootkit removers and some Viruses scanners.

    Some files that didn't have any path string are a threat.

     
    • IAT ( Import Address Table)

    IAT is a global table that contains a list of all the function pointers to any function mapped into the running process.

    With this tool you can see all these value for per process.
     
    • Online Testing


    Online testing is a powerful part of this program.

    Like most antivirus this program have a potential method with using from shell programming in windows.  

    With online searching, when you're open your Explorer like IE or Windows Explorer the system fined your current target (Folder).

    The system searching for all Executable files likes DLLs and EXE files in current folder.

    After finding these files the program makes a MD5 Signature from all files and start searching in Threat List, when find same Sign, makes an alert.

    • Twice extension

    The old trick using by viruses programmers is two extensions for one file like: document.txt.exe.

    In searching directories when the system find these type files makes an alert and give the signature of file in threat list.
     
    •  MD5 Signature

    You can see the MD5 signature of any loaded processes and modules in system with this option.

    In Beta 1 version finding the threat is manually type but in Beta 2 we have online and automatic testing and detection.

     
    • Path Checking

    Path checking is a simple way to detect some loading processes into system as threat.

    When In loading processes we have a process with null path file and it isn't be an original services that we detect before ,the system make an alert for this process and it show with Magenta color.


    good luck , nima

    Thursday, January 11, 2007 7:00 PM