Specialized Tools and Resources - Dedicated 2-viruses.com

This is a page dedicated to specialized tools and resources that are useful for various malware-fighting and security tasks. Most of these tools are not geared towards malware researches, but for users that need to remove specific difficult to remove parasites. The complete 2-viruses resource directory is available here.

Anti-Rootkit tools

Anti-Rootkit tools are specialized programs to detect and remove rootkits. Although “perfect” rootkit can not be detected (in theory) as they hide its processes and files, most of the rootkits can be detected and removed by one or another program. Some of the antiviruses offer rootkit detection as well.

Rootkit Revealer	Free	Rootkit revealer is an utility made by sysinternals, which was later acquired by Microsoft. It is classic rootkit detection utility, however it works on 32 bit windows systems only.
Gmer	Free	Gmer is advanced rootkit detection and removal utility. Although you can download zip, it offers randomized name executable download which is harder to block for rootkit applications.
TDSS Killer	Free	TDSS Killer, developed in Kaspersky Lab, targets specific rootkit, known as Tidserv, TDSServ or Alureon. This rootkit is quite popular as it causes browser redirection to infected websites. Note: Not all browser redirection is caused by rootkits, for other causes check our redirection guide here.
Sophos Anti-Rootkit	Free	anti-rootkit
Avira AntiRootkit Tool	Free	anti-rootkit
Rootkit Buster	Free	anti-rootkit
F-Secure BlackLight	Free	anti-rootkit
McAfee Rootkit Detective	Beta	anti-rootkit
Panda Anti-Rootkit	Free	anti-rootkit
RootRepeal	Beta	anti-rootkit
Vba32 AntiRootkit	Free	anti-rootkit

Firewalls

Comodo	Comodo Firewall is one of the most widely used free firewalls around. It is efficient, reliable and hard to beat at costs.
Zone Alarm	Zonealarm by CheckPoint is another very popular free firewall
Online Armor	Online Armor is another good firewall with free version available. Paid versions provide anti-phishing filters, web shield and virus/malware protection
PCTools Firewall Plus	A powerful firewall solution by PCTools, free of charge.
Lavasoft Personal Firewall	A powerful firewall solution
Outpost Firewall Pro	A powerful firewall solution
Norman Personal Firewall	A powerful firewall solution
Ashampoo FireWall	Free
Jetico Personal Firewall	A powerful firewall solution

Junkware / Browser cleaners

These tools detect and clean unnecessary toolbars and other programs from your browser. They are useful in cases of browser hijack as long as no other malware is present.

Adwcleaner	Adwcleaner is one of the most used stand-alone browser extension cleaners. It is free program developed by Xplode.
Junkware removal tool	Junkware Removal Tool is a bloatware cleaner made by Thisisu. I faced some problems running it on Windows 8, though it should work perfectly on other versions.

Security Toolbars and browser extensions

Browser extensions try to make browser a bit more secure by automatically scanning the website or checking it against infected website databases. In many cases this functionality is similar to the one provided by Internet Security Suites, however browser extensions are usually free.

Online file scanners

Online file scanners provide a way to check if the file is infected or not. The scanners either check it against one or multiple antivirus engines or unpacks and analyses what the file does (behavioral analysis).

VirusTotal	42 Engines	Virustotal provides one of the most in-depth file scanning services, as it scans each file with 42 detection engines including most popular antivirus and antimalware choices. Although the updates might be 1 day old sometimes, this is very useful website to check if download is infected or not. It allows file up to 20 mb in size.
Virscan.org	36 Engines	Virscan scans up to 20 mb file against 36 antiviruses. The definition update process might be a bit slower than with virustotal, but that is my own impression.
Novirusthanks	24 Engines	NoVirusThanks offers scanning with 24 antivirus engines. The upload is maximum 20 mb. Also it offers basic website scan for iframes.
Jotti	19 Engines	Jotti scans each file towards 19 Linux-based antivirus programs and submits the infected file to antivirus companies.
Filterbit	10 Engines	Filterbit scans file with 10 antivirus engines. What makes this service different, it is a demo version of Metascan – a SDK for building on-demand multiple antivirus scanners yourself.
Anubis	Behavioral	Anubis performs behavioral windows executable analysis, that is provides information what submitted program does. This service is useful to determine if executable performs some strange, possibly malicious operations or something it should not do. The results show which registry and file keys the program tries to access, which files are created or accessed, what devices the application tries to use. The results are provided on-the-fly.
Sunbelt	Behavioral	Sunbelt Sandobox provides behavioral analysis for executable sample. You will have to provide a working email address for the results.
ThreatExpert	Behavioral	ThreatExpert provides behavioral analysis for files up to 5 MB. The size limitation is the biggest drawback of this service, as many of the analyzers accept bigger files.
Camas	Behavioral	Comodo Instant Malware Analyzer provides web-based results for submitted file samples. Although at first it shows only basic file tests like its MD5 sum, after a minute or so you will get a full report. The service is faster than Anubis.
Xandora	Behavioral	Xandora is created by the Panda Labs. It provides scanning of binary files or archives, supports Zip archives with passwords so malware can pass antivirus engines on researchers PC.
Joebox	Behavioral	Joebox allows choice on what OS and how the infected binary will be run. It also allows some additional control on how the binaries will be tested. Archives are supported.

Websites scanners and blacklists

IPVoid.com	Ipvoid scans multiple blacklists for IP address. It will find out if IP address was already detected for spamming or malware distribution
URLVoid	An URL meta-scan engine. Scans several blacklist databases for url
Google Safebrowsing	Google site check. Provides information about url and its ip address, together with info about malware detected on particular website
Wepawet	A tool for analyzing PDF, flash or Javascript samples for malicious actions
PhishTank	PhishTank

Update 06/21/2012. TDSS Remover link removed – no longer works.