Monday, February 9, 2009

SpyDLL Eraser - Rootkit Analytics Tool

SpyDLL Eraser is our first tool release for our Rootkit Analytics domain.

Title: SpyDLL Eraser (Win32 GUI application)

Description: Tool to remove a specified DLL from one or more processes. Many trojan backdoors, rootkits, and other malware and spyware inject their DLLs into legitimate processes [explorer.exe, lsass.exe, etc.] to keep their activities hidden and to protect themselves from being killed. Some use DLL injection, while others use a plugin approach to get their DLL loaded into these legitimate processes. This tool helps to distinguish between a normal DLL and a malicious DLL, and helps the user to completely erase the malicious one.

Features:
* List all running processes
* For each process, display the following information
+ process name
+ full path
+ company name
+ version
+ size
+ process start time
+ process memory details
+ modified/access date
* Display specific icons for different kinds of processes, such as system processes and services
* For the selected process, display all loaded DLLs with the following information
+ DLL name
+ Full path
+ Company Name
+ Size
+ Load/Reference Count
+ Modified/access date
* Differentiate between statically and dynamically loaded DLLs. The user should be able to select only dynamically loaded DLLs.
* DLL search feature to look for a specified DLL in all listed processes and list the processes that contain it
* Remove the user-specified DLL from all running processes automatically.

More features are being added at the moment. Stay tuned for further updates. Contact us at contact.fingers @, if you have any questions.

- EF
