Use it and enjoy. Please report any bug by e-mail to thecrackers_group <>at<> yahoo <>Dot CA
Venak & Avenak scanner is a tool for protecting your system from threat files such as spyware, viruses, worms and rootkits.
In reality it is a detection tool. It also uses a new technology called MPS (Main Protection System).
Main Protection System, or MPS, is a cause-and-effect system; MPS is a logical system.
MPS works like a tracer: every service, process or driver has its own file, and with this method we trace the route of any threat or function on Windows.
All events, such as:
• Processes (heaps, modules, handles, threads, process addresses and process signature)
• MD5 signature
• List of drivers in the system with their states
• Unloading kernel drivers
• Services
• All active ports (TCP/UDP)
• File types
• Given handles (explorer name, page name, HWNDs)
• Event log monitoring
• Startup files
• Explorer files
• Explorer registry keys – Beta 2
• Monitoring ports and users – Beta 2
• Sensitive strings
The sensitive string check is a way of finding viruses that use the same name as Svchost, Lsass, Winlogon and many other original Windows components. If any process has the same name as one of these, the program raises an alert and shows a security threat.
For example, if a process is located in "C:\windows\" and has the name "svchost", it is already a threat.
You can audit this method and define your own sensitive strings. When the system finds a problem, it raises an alert.
• Analyzing the Processes with PID Brute Force
Some rootkits try to hide their own process PID; with this trick we can find these processes.
Tools such as Fu, and some hidden processes that rely on an SSDT hook, use this method to hide themselves. These tools also work by modifying the NewZwQuerySystemInformation function, analysing its results and filtering them.
They alter the query that returns the process list, so when we use the basic functions in "kernel32.dll" we only see the filtered result.
At this point we can also find other tools, such as protection tools, for example rootkit removers and some virus scanners.
Files that have no path string at all are treated as a threat.
• IAT ( Import Address Table)
The IAT is a global table that contains a list of all the function pointers to every function mapped into the running process.
With this tool you can see all these values for each process.
• Online Testing
Online testing is a powerful part of this program.
Like most antivirus products, this program has a powerful method that uses shell programming in Windows.
With online searching, when you open an explorer such as IE or Windows Explorer, the system finds your current target (folder).
The system searches for all executable files, such as DLL and EXE files, in the current folder.
After finding these files, the program makes an MD5 signature of every file and searches the threat list; when it finds a matching signature, it raises an alert.
• Twice extension
An old trick used by virus writers is to give one file two extensions, for example: document.txt.exe.
When the system finds files of this type while searching directories, it raises an alert and adds the file's signature to the threat list.
• MD5 Signature
With this option you can see the MD5 signature of every loaded process and module in the system.
In the Beta 1 version finding a threat is a manual step, but in Beta 2 we have online, automatic testing and detection.
• Path Checking
Path checking is a simple way to detect some of the processes loading into the system as threats.
When among the loaded processes there is a process with a null file path, and it is not one of the original services we detected earlier, the system raises an alert for that process and shows it in magenta.
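The sensitive-string, twice-extension, MD5-signature and path checks described above, combined in one added Python example that is not part of the scanner itself; the system directory, executable suffixes, known original services and file contents are constructed assumptions for the example.

```python
import hashlib
import ntpath
from dataclasses import dataclass

# Names the tool treats as "sensitive strings": system processes that malware imitates.
SENSITIVE_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe"}
# Assumption for this example: the genuine copies of those binaries live here.
SYSTEM_DIR = r"c:\windows\system32"
# Assumed executable suffixes for the twice-extension check.
EXEC_EXTENSIONS = {".exe", ".dll", ".scr"}
# Assumed "original services" that may legitimately report no path.
KNOWN_ORIGINAL = {"system", "system idle process"}

@dataclass
class ProcessInfo:
    name: str
    path: str      # empty string models the "null path" case
    image: bytes   # constructed file contents, used only for the MD5 signature

def md5_signature(data: bytes) -> str:
    """MD5 of a file image, the form the threat list is keyed by."""
    return hashlib.md5(data).hexdigest()

def check_process(proc: ProcessInfo, threat_signatures: set) -> list:
    """Return the alerts raised for one process by the four checks."""
    alerts = []
    name = proc.name.lower()
    # Sensitive strings: a system-process name running outside its expected directory.
    if name in SENSITIVE_NAMES and ntpath.dirname(proc.path.lower()) != SYSTEM_DIR:
        alerts.append("sensitive-name")
    # Twice extension: document.txt.exe style names.
    parts = name.split(".")
    if len(parts) >= 3 and "." + parts[-1] in EXEC_EXTENSIONS:
        alerts.append("double-extension")
    # Path checking: no path and not a known original service.
    if not proc.path and name not in KNOWN_ORIGINAL:
        alerts.append("null-path")
    # MD5 signature: compare the file image against the threat list.
    if md5_signature(proc.image) in threat_signatures:
        alerts.append("md5-match")
    return alerts

def scan(processes: list, threat_signatures: set) -> dict:
    """Map each flagged process name to its alerts."""
    flagged = {}
    for proc in processes:
        alerts = check_process(proc, threat_signatures)
        if alerts:
            flagged[proc.name] = alerts
    return flagged
```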