OlderGeeks.com Freeware Downloads: Anti-Virus, Anti-Malware, Security Utilities: Advanced Malware Tools
Files
File Name / Rating / Downloads / Last Update / Developer
AlternateStreamView 32bit v1.56
AlternateStreamView is a small utility that allows you to scan your NTFS drive and find all hidden alternate streams stored in the file system. After scanning and finding the alternate streams, you can extract these streams into a specified folder, delete unwanted streams, or save the stream list to a text/html/csv/xml file. System Requirements: This utility works on any version of Windows starting from Windows 2000 and up to Windows 10. Both 32-bit and 64-bit systems are supported. Known Issues: It seems that starting from Windows 7, the standard 'Open With' dialog box of Windows stopped working with alternate streams, and thus the 'Open Selected Stream With...' option provided by AlternateStreamView also doesn't work... Versions History: Version 1.56: Added /RunAsAdmin command-line option for running AlternateStreamView as administrator. About Alternate Streams in NTFS File System: NTFS has a feature that allows you to add multiple streams in addition to the main file stream. When you open or view the file, only the main file stream is visible, while the additional streams are hidden from the user. Here are 3 examples of alternate stream usage in the Windows operating system: (1) Favorites of Internet Explorer: When you add a Web site link to your 'Favorites', a .url file containing the URL and description is created. However, if the Web site also has an icon (favicon), the icon is saved as an alternate stream for the same .url file. The stream name of the icon is :favicon:$DATA (2) Downloaded files of Internet Explorer: When you download and save a file with Internet Explorer, it automatically adds zone information for the saved file. This zone information is used for identifying the file as downloaded from the Internet. The stream name in this case is :Zone.Identifier:$DATA (3) Summary information of files: When ...
5/5 5,401 Nov 13, 2019
Nir Sofer
AlternateStreamView 64bit v1.56
AlternateStreamView is a small utility that allows you to scan your NTFS drive and find all hidden alternate streams stored in the file system. After scanning and finding the alternate streams, you can extract these streams into a specified folder, delete unwanted streams, or save the stream list to a text/html/csv/xml file. System Requirements: This utility works on any version of Windows starting from Windows 2000 and up to Windows 10. Both 32-bit and 64-bit systems are supported. Known Issues: It seems that starting from Windows 7, the standard 'Open With' dialog box of Windows stopped working with alternate streams, and thus the 'Open Selected Stream With...' option provided by AlternateStreamView also doesn't work... Versions History: Version 1.56: Added /RunAsAdmin command-line option for running AlternateStreamView as administrator. About Alternate Streams in NTFS File System: NTFS has a feature that allows you to add multiple streams in addition to the main file stream. When you open or view the file, only the main file stream is visible, while the additional streams are hidden from the user. Here are 3 examples of alternate stream usage in the Windows operating system: (1) Favorites of Internet Explorer: When you add a Web site link to your 'Favorites', a .url file containing the URL and description is created. However, if the Web site also has an icon (favicon), the icon is saved as an alternate stream for the same .url file. The stream name of the icon is :favicon:$DATA (2) Downloaded files of Internet Explorer: When you download and save a file with Internet Explorer, it automatically adds zone information for the saved file. This zone information is used for identifying the file as downloaded from the Internet. The stream name in this case is :Zone.Identifier:$DATA (3) Summary information of files: When ...
5/5 5,497 Nov 13, 2019
Nir Sofer
Attack Surface Analyzer v2.0.163 (Linux)
Attack Surface Analyzer is developed by the Microsoft Customer Security and Trust group. It is the same tool used by Microsoft's internal product groups to catalogue changes made to the operating system attack surface by the installation of new software. This version is a rewrite of the classic 1.0 version of the tool, released in 2012, which was dedicated to older versions of Windows. Attack Surface Analyzer takes a snapshot of your system state before and after the installation of other software product(s) and displays changes to a number of key elements of the system attack surface. It also allows developers to view changes in the attack surface resulting from the introduction of their code to assess the aggregate attack surface of an organization's line of business applications or on potential customer systems. Potential users of Attack Surface Analyzer include: DevOps Engineers (view changes to the system attack surface introduced when your software is installed) and IT Security Auditors (evaluate the risk presented when third-party software is installed). Core Features: The core feature of Attack Surface Analyzer is the ability to "diff" an operating system's security configuration before and after a software component is installed. This is important because most installation processes require elevated privileges, and once granted, these can lead to unintended system configuration changes. Attack Surface Analyzer currently reports on changes to the following operating system components: file system (static snapshot and live monitoring available), user accounts, services, network ports, certificates, and registry (Windows only). All data collected is stored in a local SQLite database called asa.sqlite. How to Use Attack Surface Analyzer: Information on how to use Attack Surface Analyzer can be found on the ...
5/5 584 Nov 15, 2019
Microsoft Corp.
Attack Surface Analyzer v2.0.163 (MacOS)
Attack Surface Analyzer is developed by the Microsoft Customer Security and Trust group. It is the same tool used by Microsoft's internal product groups to catalogue changes made to the operating system attack surface by the installation of new software. This version is a rewrite of the classic 1.0 version of the tool, released in 2012, which was dedicated to older versions of Windows. Attack Surface Analyzer takes a snapshot of your system state before and after the installation of other software product(s) and displays changes to a number of key elements of the system attack surface. It also allows developers to view changes in the attack surface resulting from the introduction of their code to assess the aggregate attack surface of an organization's line of business applications or on potential customer systems. Potential users of Attack Surface Analyzer include: DevOps Engineers (view changes to the system attack surface introduced when your software is installed) and IT Security Auditors (evaluate the risk presented when third-party software is installed). Core Features: The core feature of Attack Surface Analyzer is the ability to "diff" an operating system's security configuration before and after a software component is installed. This is important because most installation processes require elevated privileges, and once granted, these can lead to unintended system configuration changes. Attack Surface Analyzer currently reports on changes to the following operating system components: file system (static snapshot and live monitoring available), user accounts, services, network ports, certificates, and registry (Windows only). All data collected is stored in a local SQLite database called asa.sqlite. How to Use Attack Surface Analyzer: Information on how to use Attack Surface Analyzer can be found on the ...
5/5 587 Nov 15, 2019
Microsoft Corp.
Attack Surface Analyzer v2.0.163 (Windows)
Attack Surface Analyzer is developed by the Microsoft Customer Security and Trust group. It is the same tool used by Microsoft's internal product groups to catalogue changes made to the operating system attack surface by the installation of new software. This version is a rewrite of the classic 1.0 version of the tool, released in 2012, which was dedicated to older versions of Windows. Attack Surface Analyzer takes a snapshot of your system state before and after the installation of other software product(s) and displays changes to a number of key elements of the system attack surface. It also allows developers to view changes in the attack surface resulting from the introduction of their code to assess the aggregate attack surface of an organization's line of business applications or on potential customer systems. Potential users of Attack Surface Analyzer include: DevOps Engineers (view changes to the system attack surface introduced when your software is installed) and IT Security Auditors (evaluate the risk presented when third-party software is installed). Core Features: The core feature of Attack Surface Analyzer is the ability to "diff" an operating system's security configuration before and after a software component is installed. This is important because most installation processes require elevated privileges, and once granted, these can lead to unintended system configuration changes. Attack Surface Analyzer currently reports on changes to the following operating system components: file system (static snapshot and live monitoring available), user accounts, services, network ports, certificates, and registry (Windows only). All data collected is stored in a local SQLite database called asa.sqlite. How to Use Attack Surface Analyzer: Information on how to use Attack Surface Analyzer can be found on the ...
5/5 646 Nov 15, 2019
Microsoft Corp.
Combofix v19.11.4.1
ComboFix is a program, created by sUBs, that scans your computer for known malware and, when it is found, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program. Please note that running this program without supervision can cause your computer to not operate correctly. Therefore, only run this program at the request of an experienced helper. Windows XP/Vista/7/8 32-bit program. Can run on both a 32-bit and 64-bit OS. This program works with Windows 8, but not Windows 8.1 at this time, and there is still no Windows 10 support. :(
5/5 7,294 Nov 13, 2019
sUBs
hollows_hunter v0.2.5
Scans all running processes. Recognizes and dumps a variety of potentially malicious implants (replaced/implanted PEs, shellcodes, hooks, in-memory patches). Hollows Hunter allows you to scan your full system, searching for potentially malicious implants, and extract them for further analysis. It is an application based on PE-sieve (DLL version), so there is a big overlap of features between the two. They have a similar command-line interface, but while PE-sieve is an engine dedicated to scanning a single process, Hollows Hunter offers many additional features and filters on top of this base. More information about the similarities and differences is described here. Start by familiarizing yourself with PE-sieve by reading the PE-sieve Wiki. This download is for the 64bit version. If you need the 32bit version, download here. Changes: v0.2.5 FEATURE: Added dump reports (dump_report.json). Renamed scan report (from report.json to scan_report.json). Added parameter: /mignore <modules> - to exclude a defined list of modules from the scan. BUGFIX: Fixed bug in libPeConv causing incomplete import recovery. Added more patterns to recognize shellcodes. Fixed false positive in path comparison (expand relative paths before comparing). Silence out logs in the quiet mode.
5/5 61 Mar 09, 2020
HASHEREZADE
Metadefender Client v4.1.20.56
Metadefender Cloud Client is the most thorough free malware analysis tool available. By running data through Metadefender Cloud, Cloud Client performs a deep endpoint forensic analysis for malware using several unique methods. Look for threats and assess the security state of your endpoint if you think it may be compromised. Methods: (1) Memory Module Multi-Scanning: process and dynamic link library (DLL) analysis using over 40 anti-malware engines. (2) Local Anti-malware Analysis: a unique and effective analysis of anti-malware log files. (3) Rogue IP Detection: ensuring there are no network connections to a rogue IP address using several IP reputation sources. Memory Module Multi-Scanning: Running over 40 anti-malware engines that use heuristic detection, Metadefender Cloud Client analyzes all running processes and loaded memory modules. It performs a deep scan, analyzing the DLLs accessed by these processes for malware as well. This results in a deeper analysis than that of other free tools like Process Explorer or VirusTotal. And it does all this quickly, in just a few minutes. When you run it, Metadefender Cloud Client begins scanning all processes and DLL files for any threat. Once the analysis is complete, you'll see a summary at the top of the window of how many potential threats of all kinds were identified. You're able to click on each individual result and see the specific processes and DLLs that may be infected. Cloud Client is unique in allowing you to review the results on such a granular level. Highlight a process to see the results of the analysis. Click the arrow next to it in order to see the libraries accessed by the application while it runs. Then, click on individual DLL files to see the threats identified, and which specific anti-malware engines identified them. You can also see a list of potentially infected ...
5/5 1,792 Nov 15, 2019
OPSWAT, Inc.
Phrozen ADS (Alternate Data Stream) Revealer v1.0.5642
Phrozen ADS (Alternate Data Stream) Revealer is a Microsoft Windows program, especially designed to reveal possible malicious ADS files in your file system. Since the Alternate Data Stream functionality is only available for NTFS (New Technology File System), the program is able to scan and detect this kind of file only on this type of file system (Physical Hard Drive/Virtual Hard Drive/Physical Removable Device/Virtual Removable Device). If some ADS files are detected during the scan, you can then decide whether or not you want to keep them or back them up. You can also preview the content to see at a glance whether it looks legitimate or not. Phrozen ADS Revealer is the perfect tool to sanitize your NTFS file systems against bloated content or hidden malware. Another great tool to put in your collection and 100% free. What Are Alternate Data Streams: Alternate data streams allow more than one data stream to be associated with a filename, using the format "filename:streamname" (e.g., "text.txt:extrastream"). NTFS Streams were introduced in Windows NT 3.1, to enable Services for Macintosh (SFM) to store resource forks. Although current versions of Windows Server no longer include SFM, third-party Apple Filing Protocol (AFP) products (such as GroupLogic's ExtremeZ-IP) still use this feature of the file system. Very small ADS (called Zone.Identifier) are added by Internet Explorer and recently by other browsers to mark files downloaded from external sites as possibly unsafe to run; the local shell would then require user confirmation before opening them. When the user indicates that they no longer want this confirmation dialog, this ADS is deleted. Alternate streams are not listed in Windows Explorer, and their size is not included in the file's size. They are ignored when the file is copied or moved ...
5/5 2,419 Nov 15, 2019
PHROZEN SAS
RunPE Detector v2.0
Phrozen RunPE Detector is a security program, especially designed to detect and defeat some suspicious processes using a generic method. We at Phrozen Software do things differently, more creatively. So, when we set ourselves the task of creating a novel way of detecting, disabling and removing RATs, we didn't want to take the route every other anti-virus company has taken before us. Phrozen Software studied the behaviour of RATs and discovered that hackers virtually always use a technique called RunPE. This technique spawns a legitimate process, often the default browser or a Microsoft system process, and replaces it with malicious program code directly in memory. Your computer is thus tricked and treats the malicious code as a legitimate process. The user and his anti-virus program have no idea that his default browser is effectively turned into a virus. RunPE is a technique that is used in several malicious ways. The two most common are: [1] FWB (Firewall Bypass): As its name suggests, this technique is implemented to bypass or disable the Application Firewall or the Firewall rules. Since most malware needs to connect to a remote Command-and-Control (C&C) Server, it needs to connect to the Internet via the Firewall. Since most users are connected to the Internet at home, normally the installed Firewall would prevent the malware from connecting to the Internet. Using the RunPE technique to hijack a legitimate process that is authorized to reach the Internet, any malware could subsequently connect to the C&C without being detected by the Firewall. [2] Malware Packer or Crypter: Generally script kiddies (immature hackers) use a well-known type of malware that is already detected by most anti-virus programs. They then try to obfuscate this malware to evade ...
5/5 2,496 Nov 15, 2019
PHROZEN SAS
SecureMyBit Deny v1.4
SecureMyBit Deny is a simple, light and freeware security tool that permits you to deny execution of scripts that rely on Windows Script Host, perform impairment indicators analysis to detect possible malicious behaviours in analyzed executables, and type your text safely against keyloggers, mouseloggers, screenloggers, etc. You can also monitor your file system for changes and new files, detect processes that are connected to ports commonly used by malware, and optimize security settings. (Please note that some antivirus or antimalware programs can detect SecureMyBit Deny as malware; we want to specify that this is a false positive, and you can add SecureMyBit Deny to the exclusion list of your antivirus/antimalware.) What's new? Fixed heuristic engine false positive of EXE Analyzer (SecureMyBit Deny.exe). Changed ON/OFF text of File System Monitor button (Thanks @ticklemefeet for the suggestion). Fixed bug in Security Ports Scan. Fixed critical bug of Text Editor Anti-Logger. Fixed bug in File System Monitor. Heuristic engine updated to improve ransomware detection, hash computing, decryption code and registry usage of analyzed EXE. Added "Clear log" button to File System Monitor. Key Features: Deny scripts execution; Make USB read-only; Text Editor Anti-Logger; Perform EXE analysis; Security Ports Scan; Monitor File System easily; Optimize security settings. Terms & Conditions: WE AREN'T ABSOLUTELY RESPONSIBLE FOR ANY KIND OF PROBLEMS, DAMAGES, LOSS OF DATA, LOSS OF FILES OR ANY OTHER KINDS OF PROBLEMS. THE SOFTWARE IS PUBLISHED "AS IS". THERE MAY BE FALSE POSITIVES IN EXE ANALYZER REPORT(S) BECAUSE OF THE HEURISTIC ANALYSIS. Thank you. SecureMyBit Development Team. Compatibility: Windows Vista, Windows 7, Windows 8/8.1, Windows 10. Special Requirement: Microsoft .NET Framework 4.5. Languages: English.
5/5 1,332 Nov 13, 2019
JM Security
SigcheckGUI v1.1.3
GUI front-end for sigcheck.exe from Sysinternals. Scans for fake Root Certificates in Windows that malware uses to infect a computer. Supports: Win7 x32, Win7 x64, Win98, WinVista, WinVista x64, WinXP. v1.1.3 - 2016-11-04: + SigcheckGUI now handles passed files and folders. (Thanks, zxhtrzdg) + Added "Clear unknown" to the Clear menu. * Changed/added some icons. * Verified SigcheckGUI works with sigcheck.exe v2.54.
5/5 1,698 Nov 15, 2019
Jody Holmes
Simple Software-restriction Policy v2.20
A software policy makes a powerful addition to Microsoft Windows' malware protection. In particular, it is more effective against ransomware than traditional approaches to security. If you know about the Linux 'execute permission' bit then you'll understand what this is for. The mode of operation is somewhat different in that execute permission is granted to folders and subfolders rather than individual files, but the intention is the same: to stop undesirable or unknown software from launching unless you OK it. Additionally, it is possible to specify that certain executables (typically browsers and email clients) are run with reduced rights. This is a valuable damage-limitation measure against browser plugin vulns, etc. The protection can be turned off without a reboot whilst installing legitimate software, and will automatically reactivate after a specified time.
5/5 1,902 Nov 15, 2019
IWR Consultancy
Tron Script v11.0.0
Tron is a glorified collection of batch files that automate the process of disinfecting and cleaning up Windows systems. It is built with heavy reliance on community input and updated regularly. Tron supports all versions of Windows from XP to 10 (server variants included). What is "Tron Script"? Tron is a script that "fights for the User". It's basically a glorified collection of Windows batch files that automate a bunch of scanning/disinfection/cleanup tools on a Windows system. I got tired of running the utilities manually and decided to just automate everything. I hope this helps other techs, admins, and users in general. Tron's goal is to take a badly-running Windows system (bloated, infected, etc) and automate ~85% of the work involved in disinfecting it, removing bloatware, and basically cleaning everything up to get it running well again. That's pretty much it. At this point it seems to accomplish that goal pretty well on most systems. The whole project is built with heavy reliance on community input and updated regularly. Stages of Tron: Prep: rkill, ProcessKiller, TDSSKiller, Stinger, registry backup, WMI repair, sysrestore clean, oldest VSS set purge, create pre-run System Restore point, SMART disk check, NTP time sync. Tempclean: TempFileCleanup, CCleaner, BleachBit, backup & clear event logs, Windows Update cache cleanup, Internet Explorer cleanup, USB device cleanup. De-bloat: remove OEM bloatware; customizable list is in resources\stage_2_de-bloat\oem\; Metro OEM debloat (Win8/8.1/2012 only). Disinfect: Kaspersky Virus Removal Tool, Sophos Virus Removal Tool, Malwarebytes Anti-Malware, DISM image check (Win8/2012 only). Repair: Registry permissions reset, Filesystem permissions reset, SFC /scannow, chkdsk (if necessary). Patch: Updates 7-Zip, Java, and Adobe Flash/Reader and disables nag/update screens (uses some of our PDQ packs); then installs any pending Windows updates ...
5/5 2,338 Mar 17, 2020
vocatus
WinDefThreatsView v1.00
WinDefThreatsView is a tool for Windows 10 that displays the list of all threats detected by Windows Defender Antivirus and allows you to easily set the default action (Allow, Quarantine, Clean, Remove, Block, or No Action) for multiple threats at once. You can use this tool on your local computer and also on a remote computer, as long as you have permission to access WMI on the remote machine. For every threat, the following information is displayed: Filename, Threat Name, Severity, Process Name, Initial Detect Time, Status Change Time, Remediation Time, Threat ID, Threat Status, Default Threat Action, and more... System Requirements: This tool works only on Windows 10 and Windows 8.1. Both 32-bit and 64-bit systems are supported. You can also use this tool on Windows 7 to connect to a Windows 10 remote computer. Start Using WinDefThreatsView: WinDefThreatsView doesn't require any installation process or additional DLL files. In order to start using it, simply run the executable file, WinDefThreatsView.exe. After running WinDefThreatsView, the main window displays the list of all threats detected by Windows Defender Antivirus. Connect Windows Defender on remote computer: In order to view the Windows Defender threats on a remote computer, simply open the 'Advanced Options' window (F9), choose the 'Load threats data from remote computer' option, type the IP address or the computer name of the remote computer and then press the 'Ok' button. If you get an 'Access Denied' error on the status bar, you may also need to specify the user name and password to connect to the remote computer. Be aware that this feature works only if you have permission to access WMI on the remote machine. Set default action of Windows Defender: After the list of all Windows Defender threats is displayed on the main window, you can select one or more threats and then set the default action for ...
5/5 8 Mar 30, 2020
Nir Sofer
   
 
Copyright (c) 2019

