Tools & Utilities

I have developed these tools and utilities to help with our malware analysis process. Some of them are also useful to general users, as they protect against and solve the problems posed by various kinds of malware. I will upload these tools and utilities for the general public as and when I develop them. However, I request you all to report any bugs that might exist in these applications. Please feel free to drop an email at rajdeep@malwareinfo.org. Keeping in mind that I am not a hardcore programmer, rather programming is just my hobby, please bring to my notice any bug that you may find while using these applications. I will try my level best to rectify them and keep these applications bug free.

 

Unknown Malware Remover (UMR)

Published: July 30, 2008

 

Aka: Unknown Malware Remover

File size: 376 KB (385,055 bytes)

MD5: 1b9cbc9ac1f50b9fd3183f0893661cf0
SHA1: 4587af7aae9adfb8af9dc162319e05157077e07c
SHA256: ba6f8ab45229ed32daf0382ca3506df377763d4a0d2518fdf0d5bae428d73b9a
SHA512: 328053f25a3955095e6875523bcb54e3c1ec7a716b1ea11dff61339142b6372769f1229272534da0139460f3e78cdf0d2741e33d7b72b0fbd8f97e2d444bf867

Prerequisite: XMD5.dll (provided along with the utility inside the UMR.Zip)

Installation: Simply extract and run MalwareInfo-UMRSignature (MalwareInfo-UMRSignature.exe)


PE Structure Information:

Base Data:
Entry Point Address: 0x401484
Time Date Stamp....: 0x488ee0ee (Tue Jul 29 09:20:46 2008)
Machine Type.......: 0x14c (I386)

Sections:
Name   VirtAddr  VirtSize  RawSize  Entropy  MD5
.text  0x1000    0x279b0   0x28000  7.75     fb639f0488bf22be47ffed1a31733427
.data  0x29000   0x1224    0x1000   0.00     620f0b67a91f7f74151bc5be745b7110
.rsrc  0x2b000   0x870     0x1000   3.20     81107ee2ae8e7b5a1fbb3ad8e8e7c7d8

 

Description:

Unknown Malware Remover, or UMR for short, is a tool for malware researchers and advanced users to get rid of malware that is not being detected by the installed AV software.

 

Rest of the description --- COMING SOON ---

 

USBActivityMonitor

Published: June 28, 2008

 

Aka: USBMalwareStopper

Version: 1.0.0

Copyright: MalwareInfo.Org

File size: 236 KB (241,664 bytes)

MD5: c33037410ad1c5987e3695dd20d88b04
SHA1: fd9f2eee0df6850e8b9b225cc7ca7031ff1b42d9
SHA256: ad6a52cee65a171bdd27e5514351c45d31332e7fbbe34bdd2c39123f5eca411c
SHA512: 0f0ce3ea27c08d41852c0da4cde457b4269a993ce014f62e4ca010416c0f942bf70bb42a75c1221b2bcba43c30815d8ec7faa27930b6e9ee3025bde7c7e96f90

Prerequisite: DotNet Framework 2.0

Installation: Simply extract and run USBActivityMonitor (USBActivityMonitor.exe)

 

PE Structure Information:

Base Data:
Entry Point Address: 0x4387fe
Time Date Stamp....: 0x48919939 (Thu Jul 31 10:51:37 2008)
Machine Type.......: 0x14c (I386)

Sections:
Name    VirtAddr  VirtSize  RawSize  Entropy  MD5
.text   0x2000    0x36804   0x37000  7.52     fdf3ff7b35c7fcc725a1ac8e201035e4
.sdata  0x3a000   0x87      0x1000   0.33     1cdb5f7439d35c182cc8ddbf947e7a39
.rsrc   0x3c000   0x8b0     0x1000   3.15     798d94823dc1389d0a6791a159ecede3
.reloc  0x3e000   0xc       0x1000   0.01     fd820cb47aec78df391dc9568b8bded5

Imports:
> mscoree.dll: _CorExeMain

Description:

USBActivityMonitor (aka USBMalwareStopper) is an application that runs in the background and monitors all drives (fixed and removable) to detect the creation of autorun.inf files. In recent times there has been an increase in malware that spreads via USB pen drives. I am sure every one of us has been troubled by this absolutely nasty malware, which causes various unwanted activities on our computers. Because of the frequency with which newer variants appear, on numerous occasions they go undetected by the antivirus software running on your computer. The AV vendors are finding it quite difficult to add the signatures of these variants to their daily virus definition updates. As a result, the menace and threat posed by these ever-increasing variants are quite significant.

USBActivityMonitor quietly monitors the activities of USB pen drives, from the time they are plugged in until the time they are unplugged. USBActivityMonitor will not just protect your computer from this malware; it also makes sure that others don't get infected by your USB pen drive. If USBActivityMonitor finds malware inside your USB pen drive, it will render it inactive.

However, there are various USB utilities, viz. data backup tools and file encryption tools, that also run automatically from the USB pen drive when it is plugged into the system. To make USBActivityMonitor smarter, I have provided a feature by which you can generate the MD5 hash of these useful tools present in your USB pen drive and place them in an exclusion list. When an autorun.inf calls the corresponding file, USBActivityMonitor checks whether the MD5 of the called application is present in its exclusion list. If it is, USBActivityMonitor skips that file, making sure that legitimate files are not flagged as false positives.
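As an added illustration of the exclusion-list check described above (my own example code, not part of USBActivityMonitor), the following Python parses an autorun.inf, finds the program it would launch, hashes that file and treats it as trusted only if its MD5 is on the whitelist. The autorun.inf texts, file bytes and exclusion list are constructed samples; the function names are my own.

```python
import configparser
import hashlib
from pathlib import PureWindowsPath

# Constructed samples (not files shipped with the tool): a trusted backup
# utility that legitimately autoruns, and the exclusion list holding its MD5.
TRUSTED_TOOL = b"abc"  # stand-in for the bytes of a real, whitelisted exe
EXCLUSION_LIST = {hashlib.md5(TRUSTED_TOOL).hexdigest()}

AUTORUN_OK = "[autorun]\r\nopen=Backup\\BackupTool.exe\r\nicon=Backup\\BackupTool.exe\r\n"
AUTORUN_BAD = '[AutoRun]\r\nShellExecute="Recycled\\driver.exe" /s\r\naction=Open folder\r\n'

# Lower-cased relative paths -> file bytes, as they would be read off the pen drive.
DRIVE_FILES = {"backup\\backuptool.exe": TRUSTED_TOOL, "recycled\\driver.exe": b"xyz"}


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def autorun_target(inf_text: str):
    """Return the program an autorun.inf would launch, or None.
    Windows honours both 'open' and 'shellexecute'; section and key names
    are case-insensitive, so they are normalised before lookup."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(inf_text)
    section = next((s for s in cp.sections() if s.lower() == "autorun"), None)
    if section is None:
        return None
    for key in ("open", "shellexecute"):
        value = cp.get(section, key, fallback="").strip()
        if not value:
            continue
        # keep only the program path: a quoted path, or the first token before any arguments
        return value[1:].split('"', 1)[0] if value.startswith('"') else value.split()[0]
    return None


def classify_autorun(inf_text, drive_files, exclusion):
    """Hash the file the autorun.inf points at; it is trusted only if its
    MD5 is in the exclusion list, otherwise it is reported as suspect."""
    target = autorun_target(inf_text)
    if target is None:
        return ("no-target", None)
    data = drive_files.get(str(PureWindowsPath(target)).lower())
    if data is None:
        return ("missing-target", target)
    verdict = "excluded" if md5_hex(data) in exclusion else "suspect"
    return (verdict, target)


if __name__ == "__main__":
    for inf in (AUTORUN_OK, AUTORUN_BAD):
        print(classify_autorun(inf, DRIVE_FILES, EXCLUSION_LIST))
```

A whitelist keyed on MD5 can be defeated by a crafted collision, so a present-day implementation of the same idea would store SHA-256 digests instead.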

I hope you will like USBActivityMonitor; please feel free to let me know your experience with it. Also, please let me know if there are any bugs in the application.

 

MalwareActivityWatcher

Published: June 29, 2008

 

Aka: MalwareActivityWatcher

Version: 1.0.0.0

Copyright: MalwareInfo.Org

File size: 212 KB (217,088 bytes)

MD5: 1d905748ced4daab38125f678262cdbc
SHA1: 347943fc1824ac2ed22ef0ecdc6b9c6d4984ee1d
SHA256: 4a9e5e5a759c929397745d6d23f5e890ac5f96bab3367f98961ec1fb42e11221
SHA512: de82f1717de2a3d9ab0eb17519dda3ca2261694de4e843ee24065f37e10f1b8b04ff3687ea9628b7f9360da5a4c7d2e7d45a6576682991ce73fe05f181c950bc

Prerequisite: DotNet Framework 2.0

Installation: Simply extract and run MalwareActivityWatcher (MalwareActivityWatcher.exe)

 

PE Structure Information:

Base Data:
Entry Point Address: 0x432cae
Time Date Stamp....: 0x48688b41 (Mon Jun 30 07:29:05 2008)
Machine Type.......: 0x14c (I386)

Sections:
Name    VirtAddr  VirtSize  RawSize  Entropy  MD5
.text   0x2000    0x30cb4   0x31000  7.65     4c36706a4fa00bb482cdf31e9ae046f7
.sdata  0x34000   0xcc      0x1000   0.50     fe79e69162f391f15473d661aa5ff48c
.rsrc   0x36000   0x888     0x1000   3.11     4fb5b21eac4087a682b042133ab859a0
.reloc  0x38000   0xc       0x1000   0.02     a54be523a165245259c709ebd4a10426

Imports:
> mscoree.dll: _CorExeMain

Description:

MalwareActivityWatcher is an application that helps us track the activities of malware when it creates certain types of files on the Windows installation drive. It monitors the file system for activity involving file types such as "exe", "chm", "dll", "com", "cmd", "vbs", "pif", "hta", "sys", "bat", "tmp", etc. These file types are mainly used by malware to drop or launch its payloads.

You can also export the log from MalwareActivityWatcher for later analysis.