Sunday, August 30, 2009

SpyDLLRemover: A Weapon Against Spyware

SpyDLLRemover is a standalone tool for detecting and removing spyware from a system. It uses several techniques, such as direct system-call implementation, CSRSS process-handle detection and the PIDB method, to find user-land rootkit processes.

Its main focus, though, is removing malicious DLLs quickly and easily: it lists every DLL loaded in a process, graded by threat level, and then unloads the chosen one completely using a DLL-injection-based technique. The low-level implementation makes it effective against user-land rootkits.
SpyDLLRemover in Action

Features:

* Detects hidden user-land rootkit processes using multiple techniques.
* Detects hidden DLLs/modules within a process by traversing the loader's module lists.
* Uses direct system calls for process-related operations, bypassing the user-mode API hooks that user-land rootkits rely on to hide.
* Separates modules/DLLs by threat level (hidden DLL, BHO plugin DLL, AppInit DLL, system DLL, etc.), which makes malicious modules easy to spot.
* DLLs are colour-coded by threat level, so spyware DLLs can be identified and eliminated quickly.
* Removes a DLL from a remote process with a DLL-injection-based technique that unloads it completely in one click.
* Terminates any suspicious or hidden process directly using NT system calls.
* Integrated online verification through ProcessLibrary.com to check any suspicious DLL.
* Displays detailed information about all running processes on the system.
* Shows detailed information about each DLL loaded in a process, for manual analysis.
* Standalone tool: runs directly, no installation required.
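The detection and removal steps the feature list names (loader-list traversal, cross-checking against the module-enumeration API, threat grading, and unloading through an injected FreeLibrary thread), worked through as an added example. This is not SpyDLLRemover's code and nothing is known about its internals beyond the list above; the `LDR_DATA`/`LDR_ENTRY` layouts, the 512-module cap, the threat-grade names and the sample inputs used to exercise `classify_module` are this example's own assumptions.

```c
/* Added example, not SpyDLLRemover's own code: walk the three PEB loader lists of a target
 * process, cross-check them against EnumProcessModules, grade each module (hidden / AppInit /
 * system / other) as the post describes, and unload a DLL through a remote FreeLibrary
 * thread.  The grading is plain C; the walk, the unload and main() are Windows-only. */
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum threat { THREAT_SYSTEM, THREAT_OTHER, THREAT_APPINIT, THREAT_HIDDEN };

#define SEEN_API  1u   /* EnumProcessModules reported it */
#define SEEN_LOAD 2u   /* PEB->Ldr->InLoadOrderModuleList */
#define SEEN_MEM  4u   /* PEB->Ldr->InMemoryOrderModuleList */
#define SEEN_INIT 8u   /* PEB->Ldr->InInitializationOrderModuleList (the .exe is never on it) */
#define SEEN_REQUIRED (SEEN_API | SEEN_LOAD | SEEN_MEM)

static int eq_ci(const char *a, const char *b, size_t n)   /* first n chars, case-insensitive */
{
    while (n--) if (tolower((unsigned char)*a++) != tolower((unsigned char)*b++)) return 0;
    return 1;
}

/* sysdir ends with a backslash; appinit is the AppInit_DLLs registry value (names or paths split
 * by space, comma or semicolon) or "".  Absence from any view is what PEB unlinking produces. */
enum threat classify_module(const char *path, unsigned seen, const char *sysdir, const char *appinit)
{
    if ((seen & SEEN_REQUIRED) != SEEN_REQUIRED) return THREAT_HIDDEN;
    const char *base = strrchr(path, '\\'); base = base ? base + 1 : path;
    size_t blen = strlen(base), slen = strlen(sysdir);
    for (const char *p = appinit, *e, *t; *p; p = e) {
        while (*p == ' ' || *p == ',' || *p == ';') p++;
        for (e = t = p; *e && *e != ' ' && *e != ',' && *e != ';'; e++) if (*e == '\\') t = e + 1;
        if (blen && (size_t)(e - t) == blen && eq_ci(t, base, blen)) return THREAT_APPINIT;
    }
    return strlen(path) > slen && eq_ci(path, sysdir, slen) ? THREAT_SYSTEM : THREAT_OTHER;
}

#ifdef _WIN32
#include <windows.h>
#include <winternl.h>
#include <psapi.h>

/* Layouts unchanged since XP; winternl.h exposes only the in-memory-order list (assumed here). */
typedef struct { ULONG Length; BOOLEAN Initialized; PVOID SsHandle; LIST_ENTRY InLoad, InMem, InInit; } LDR_DATA;
typedef struct { LIST_ENTRY InLoad, InMem, InInit; PVOID DllBase, EntryPoint; ULONG SizeOfImage;
                 UNICODE_STRING FullDllName, BaseDllName; } LDR_ENTRY;
typedef NTSTATUS (NTAPI *QIP)(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
struct mod { PVOID base; unsigned seen; char path[MAX_PATH]; };

static struct mod *slot(struct mod *m, int *n, PVOID base)        /* find-or-add by image base */
{
    for (int i = 0; i < *n; i++) if (m[i].base == base) return &m[i];
    if (*n == 512) return NULL;                                   /* hypothetical cap for the example */
    m[*n].base = base; m[*n].seen = 0; m[*n].path[0] = 0; return &m[(*n)++];
}

/* Follow one list from its head in the remote PEB_LDR_DATA; each link lies `off` bytes into its
 * LDR_ENTRY.  Iteration is bounded so that a corrupted list cannot spin forever. */
static void walk(HANDLE h, LIST_ENTRY *head, size_t off, unsigned flag, struct mod *m, int *n)
{
    LIST_ENTRY hd; LDR_ENTRY e; struct mod *md; WCHAR w[MAX_PATH]; int guard = 0;
    if (!ReadProcessMemory(h, head, &hd, sizeof hd, NULL)) return;
    for (LIST_ENTRY *cur = hd.Flink; cur && cur != head && guard++ < 1024;
         cur = ((LIST_ENTRY *)((BYTE *)&e + off))->Flink) {
        if (!ReadProcessMemory(h, (BYTE *)cur - off, &e, sizeof e, NULL) || !(md = slot(m, n, e.DllBase))) return;
        md->seen |= flag;
        if (md->path[0] || !e.FullDllName.Buffer) continue;
        memset(w, 0, sizeof w);                      /* the loader keeps the path as UTF-16 in the target */
        if (ReadProcessMemory(h, e.FullDllName.Buffer, w, min(e.FullDllName.Length, sizeof w - 2), NULL))
            WideCharToMultiByte(CP_ACP, 0, w, -1, md->path, MAX_PATH, NULL, NULL);
    }
}

/* All views of one process's modules; returns the count or -1.  Caveat: build for the target's
 * bitness, since a 64-bit reader sees only the 64-bit PEB of a WoW64 process. */
int scan_process(DWORD pid, struct mod *m)
{
    int n = 0; PROCESS_BASIC_INFORMATION pbi; PEB peb; HMODULE api[512]; DWORD cb = 0;
    QIP qip = (QIP)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQueryInformationProcess");
    HANDLE h = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
    if (!h || !qip || qip(h, ProcessBasicInformation, &pbi, sizeof pbi, NULL) < 0 ||
        !ReadProcessMemory(h, pbi.PebBaseAddress, &peb, sizeof peb, NULL)) { if (h) CloseHandle(h); return -1; }
    LDR_DATA *ldr = (LDR_DATA *)peb.Ldr;      /* remote address, used only to form list-head addresses */
    walk(h, &ldr->InLoad, offsetof(LDR_ENTRY, InLoad), SEEN_LOAD, m, &n);
    walk(h, &ldr->InMem,  offsetof(LDR_ENTRY, InMem),  SEEN_MEM,  m, &n);
    walk(h, &ldr->InInit, offsetof(LDR_ENTRY, InInit), SEEN_INIT, m, &n);
    if (EnumProcessModules(h, api, sizeof api, &cb))          /* the view most tools rely on */
        for (DWORD i = 0; i < cb / sizeof(HMODULE); i++) {
            struct mod *md = slot(m, &n, api[i]);
            if (md) { md->seen |= SEEN_API; if (!md->path[0]) GetModuleFileNameExA(h, api[i], md->path, MAX_PATH); }
        }
    CloseHandle(h);
    return n;
}

/* Unload `base` from `pid` by running FreeLibrary on a remote thread: kernel32 is mapped at the
 * same base in every process of one bitness, so the local address is valid there.  Repeats until
 * FreeLibrary returns FALSE (the loader's reference count reached zero), which "completely unload"
 * needs for a DLL loaded more than once.  Returns the number of successful calls, or -1 if the
 * count never drops (pinned or statically imported DLL) or the thread cannot be created. */
int unload_remote_dll(DWORD pid, HMODULE base)
{
    HANDLE t, h = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION |
                              PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, pid);
    LPTHREAD_START_ROUTINE fl = (LPTHREAD_START_ROUTINE)GetProcAddress(GetModuleHandleA("kernel32.dll"), "FreeLibrary");
    int freed = -1; DWORD rc;
    if (h && fl) for (freed = 0; freed < 64; freed++) {
        if (!(t = CreateRemoteThread(h, NULL, 0, fl, base, 0, NULL))) { freed = -1; break; }
        WaitForSingleObject(t, 5000); rc = 0; GetExitCodeThread(t, &rc); CloseHandle(t);
        if (!rc) break;                                   /* FALSE: the module is no longer mapped */
    }
    if (h) CloseHandle(h);
    return freed == 64 ? -1 : freed;
}

int main(int argc, char **argv)          /* usage: scan <pid> [unload <hex image base>] */
{
    static struct mod m[512]; static const char *label[] = { "system", "other", "APPINIT", "HIDDEN" };
    char sysdir[MAX_PATH], appinit[1024] = ""; DWORD cb = sizeof appinit - 1; HKEY k;
    if (argc < 2) { fprintf(stderr, "usage: %s <pid> [unload <hex base>]\n", argv[0]); return 1; }
    GetSystemDirectoryA(sysdir, MAX_PATH); strcat(sysdir, "\\");
    if (!RegOpenKeyExA(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows", 0, KEY_READ, &k)) {
        RegQueryValueExA(k, "AppInit_DLLs", NULL, NULL, (BYTE *)appinit, &cb); RegCloseKey(k);
    }
    int n = scan_process((DWORD)atoi(argv[1]), m);
    for (int i = 0; i < n; i++)
        printf("%p %-7s %s\n", m[i].base, label[classify_module(m[i].path, m[i].seen, sysdir, appinit)], m[i].path);
    if (argc == 4 && !strcmp(argv[2], "unload"))
        printf("FreeLibrary calls: %d\n", unload_remote_dll((DWORD)atoi(argv[1]), (HMODULE)(ULONG_PTR)strtoull(argv[3], NULL, 16)));
    return n < 0;
}
#endif
```

Build on Windows with `cl scan.c psapi.lib advapi32.lib` (or `gcc scan.c -lpsapi -ladvapi32` under MinGW-w64) for the same bitness as the target, then run `scan <pid>`; `scan <pid> unload <hex base>` issues the remote FreeLibrary against the base printed in the first column. Hidden is graded before anything else because a DLL that one view reports and another does not is the signature of PEB unlinking; the initialization-order list is recorded but not required, since the main executable is legitimately absent from it. Grading alone does not tell you whether an "other" DLL is malicious, which is where the post's threat colours and the online lookup come in.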


Download: http://rootkitanalytics.com/userland/spy-dll-remover.php
