OlderGeeks.com Freeware Downloads » Anti-Virus, Anti-Malware, Security Utilities » Advanced Malware Tools
Files
File Name | Rating | Downloads | Last Update | Developer
AlternateStreamView 32bit v1.56
AlternateStreamView is a small utility that allows you to scan your NTFS drive and find all hidden alternate streams stored in the file system. After scanning and finding the alternate streams, you can extract these streams into the specified folder, delete unwanted streams, or save the streams list into a text/html/csv/xml file. System Requirements: This utility works on any version of Windows starting from Windows 2000 and up to Windows 10. Both 32-bit and 64-bit systems are supported. Known Issues: It seems that starting from Windows 7, the standard 'Open With' dialog-box of Windows stopped working with alternate streams, and thus the 'Open Selected Stream With...' option provided by AlternateStreamView also doesn't work... Versions History: Version 1.56: Added /RunAsAdmin command-line option for running AlternateStreamView as administrator. About Alternate Streams in NTFS File System: The NTFS file system has a feature that allows you to add multiple streams in addition to the main file stream. When you open or view the file, only the main file stream is visible, while the additional streams are hidden from the user. Here are 3 examples of alternate stream usage in the Windows operating system: (1) Favorites of Internet Explorer: When you add a Web site link to your 'Favorites', a .url file containing the URL and description is created. However, if the Web site also has an icon (favicon), the icon is saved as an alternate stream of the same .url file. The stream name of the icon is :favicon:$DATA (2) Downloaded files of Internet Explorer: When you download and save a file with Internet Explorer, it automatically adds zone information to the saved file. This zone information is used for identifying the file as downloaded from the Internet. The stream name in this case is :Zone.Identifier:$DATA (3) Summary information of files: When ...
5/5 5,152 Nov 13, 2019
Nir Sofer
AlternateStreamView 64bit v1.56
AlternateStreamView is a small utility that allows you to scan your NTFS drive and find all hidden alternate streams stored in the file system. After scanning and finding the alternate streams, you can extract these streams into the specified folder, delete unwanted streams, or save the streams list into a text/html/csv/xml file. System Requirements: This utility works on any version of Windows starting from Windows 2000 and up to Windows 10. Both 32-bit and 64-bit systems are supported. Known Issues: It seems that starting from Windows 7, the standard 'Open With' dialog-box of Windows stopped working with alternate streams, and thus the 'Open Selected Stream With...' option provided by AlternateStreamView also doesn't work... Versions History: Version 1.56: Added /RunAsAdmin command-line option for running AlternateStreamView as administrator. About Alternate Streams in NTFS File System: The NTFS file system has a feature that allows you to add multiple streams in addition to the main file stream. When you open or view the file, only the main file stream is visible, while the additional streams are hidden from the user. Here are 3 examples of alternate stream usage in the Windows operating system: (1) Favorites of Internet Explorer: When you add a Web site link to your 'Favorites', a .url file containing the URL and description is created. However, if the Web site also has an icon (favicon), the icon is saved as an alternate stream of the same .url file. The stream name of the icon is :favicon:$DATA (2) Downloaded files of Internet Explorer: When you download and save a file with Internet Explorer, it automatically adds zone information to the saved file. This zone information is used for identifying the file as downloaded from the Internet. The stream name in this case is :Zone.Identifier:$DATA (3) Summary information of files: When ...
5/5 5,248 Nov 13, 2019
Nir Sofer
Attack Surface Analyzer v2.0.163 (Linux)
Attack Surface Analyzer is developed by the Microsoft Customer Security and Trust group. It is the same tool used by Microsoft's internal product groups to catalogue changes made to the operating system attack surface by the installation of new software. This version is a rewrite of the classic 1.0 version of the tool, released in 2012, which was dedicated to older versions of Windows. Attack Surface Analyzer takes a snapshot of your system state before and after the installation of other software product(s) and displays changes to a number of key elements of the system attack surface. It also allows developers to view changes in the attack surface resulting from the introduction of their code to assess the aggregate attack surface of an organization's line of business applications or on potential customer systems. Potential users of Attack Surface Analyzer include: DevOps Engineers - View changes to the system attack surface introduced when your software is installed. IT Security Auditors - Evaluate risk presented when third-party software is installed. Core Features: The core feature of Attack Surface Analyzer is the ability to "diff" an operating system's security configuration before and after a software component is installed. This is important because most installation processes require elevated privileges, which, once granted, can lead to unintended system configuration changes. Attack Surface Analyzer currently reports on changes to the following operating system components: File system (static snapshot and live monitoring available); User accounts; Services; Network Ports; Certificates; Registry (Windows only). All data collected is stored in a local SQLite database called asa.sqlite. How to Use Attack Surface Analyzer: Information on how to use Attack Surface Analyzer can be found on the ...
5/5 337 Nov 15, 2019
Microsoft Corp.
Attack Surface Analyzer v2.0.163 (MacOS)
Attack Surface Analyzer is developed by the Microsoft Customer Security and Trust group. It is the same tool used by Microsoft's internal product groups to catalogue changes made to the operating system attack surface by the installation of new software. This version is a rewrite of the classic 1.0 version of the tool, released in 2012, which was dedicated to older versions of Windows. Attack Surface Analyzer takes a snapshot of your system state before and after the installation of other software product(s) and displays changes to a number of key elements of the system attack surface. It also allows developers to view changes in the attack surface resulting from the introduction of their code to assess the aggregate attack surface of an organization's line of business applications or on potential customer systems. Potential users of Attack Surface Analyzer include: DevOps Engineers - View changes to the system attack surface introduced when your software is installed. IT Security Auditors - Evaluate risk presented when third-party software is installed. Core Features: The core feature of Attack Surface Analyzer is the ability to "diff" an operating system's security configuration before and after a software component is installed. This is important because most installation processes require elevated privileges, which, once granted, can lead to unintended system configuration changes. Attack Surface Analyzer currently reports on changes to the following operating system components: File system (static snapshot and live monitoring available); User accounts; Services; Network Ports; Certificates; Registry (Windows only). All data collected is stored in a local SQLite database called asa.sqlite. How to Use Attack Surface Analyzer: Information on how to use Attack Surface Analyzer can be found on the ...
5/5 340 Nov 15, 2019
Microsoft Corp.
Attack Surface Analyzer v2.0.163 (Windows)
Attack Surface Analyzer is developed by the Microsoft Customer Security and Trust group. It is the same tool used by Microsoft's internal product groups to catalogue changes made to the operating system attack surface by the installation of new software. This version is a rewrite of the classic 1.0 version of the tool, released in 2012, which was dedicated to older versions of Windows. Attack Surface Analyzer takes a snapshot of your system state before and after the installation of other software product(s) and displays changes to a number of key elements of the system attack surface. It also allows developers to view changes in the attack surface resulting from the introduction of their code to assess the aggregate attack surface of an organization's line of business applications or on potential customer systems. Potential users of Attack Surface Analyzer include: DevOps Engineers - View changes to the system attack surface introduced when your software is installed. IT Security Auditors - Evaluate risk presented when third-party software is installed. Core Features: The core feature of Attack Surface Analyzer is the ability to "diff" an operating system's security configuration before and after a software component is installed. This is important because most installation processes require elevated privileges, which, once granted, can lead to unintended system configuration changes. Attack Surface Analyzer currently reports on changes to the following operating system components: File system (static snapshot and live monitoring available); User accounts; Services; Network Ports; Certificates; Registry (Windows only). All data collected is stored in a local SQLite database called asa.sqlite. How to Use Attack Surface Analyzer: Information on how to use Attack Surface Analyzer can be found on the ...
5/5 379 Nov 15, 2019
Microsoft Corp.
Combofix v19.11.4.1
ComboFix is a program, created by sUBs, that scans your computer for known malware and, when it finds any, attempts to clean these infections automatically. In addition to being able to remove a large amount of the most common and current malware, ComboFix also displays a report that can be used by trained helpers to remove malware that is not automatically removed by the program. Please note that running this program without supervision can cause your computer to not operate correctly. Therefore, only run this program at the request of an experienced helper. Windows XP/Vista/7/8 32-bit program. Can run on both a 32-bit and 64-bit OS. This program works with Windows 8, but not Windows 8.1 at this time and still no Windows 10 support. :(
5/5 7,037 Nov 13, 2019
sUBs
Metadefender Client v4.1.20.56
Metadefender Cloud Client is the most thorough free malware analysis tool available. By running data through Metadefender Cloud, Cloud Client performs a deep endpoint forensic analysis for malware using several unique methods. Look for threats and assess the security state of your endpoint if you think it may be compromised. Methods: (1) Memory Module Multi-Scanning: process and dynamic link library (DLL) analysis using over 40 anti-malware engines; (2) Local Anti-malware Analysis: a unique and effective analysis of anti-malware log files; (3) Rogue IP Detection: ensuring there are no network connections to a rogue IP address using several IP reputation sources. Memory Module Multi-Scanning: Running over 40 anti-malware engines that use heuristic detection, Metadefender Cloud Client analyzes all running processes and loaded memory modules. It performs a deep scan, analyzing the DLLs accessed by these processes for malware as well. This results in a deeper analysis than that of other free tools like Process Explorer or VirusTotal. And it does all this quickly – in just a few minutes. When you run it, Metadefender Cloud Client begins scanning all processes and DLL files for any threat. Once the analysis is complete, you’ll see a summary at the top of the window of how many potential threats of all kinds were identified. You’re able to click on each individual result and see the specific processes and DLLs that may be infected. Cloud Client is unique in allowing you to review the results on such a granular level. Highlight a process to see the results of the analysis. Click the arrow next to it in order to see the libraries accessed by the application while it runs. Then, click on individual DLL files to see the threats identified, and which specific anti-malware engines identified them. You can also see a list of potentially infected ...
5/5 1,531 Nov 15, 2019
OPSWAT, Inc.
Phrozen ADS (Alternate Data Stream) Revealer v1.0.5642
Phrozen ADS (Alternate Data Stream) Revealer is a Microsoft Windows program specially designed to reveal possibly malicious ADS files in your file system. Since the Alternate Data Stream functionality is only available for NTFS (New Technology File System), the program is able to scan and detect this kind of file only on this type of file system (Physical Hard Drive/Virtual Hard Drive/Physical Removable Device/Virtual Removable Device). If some ADS files are detected during the scan, you can then decide whether or not you want to keep them or to back them up. You can also preview the content to see at a glance whether it looks legitimate or not. Phrozen ADS Revealer is the perfect tool to sanitize your NTFS file systems against bloated content or hidden malware. Another great tool to put in your collection and 100% free. What are Alternate Data Streams: Alternate data streams allow more than one data stream to be associated with a filename, using the format "filename:streamname" (e.g., "text.txt:extrastream"). NTFS Streams were introduced in Windows NT 3.1, to enable Services for Macintosh (SFM) to store resource forks. Although current versions of Windows Server no longer include SFM, third-party Apple Filing Protocol (AFP) products (such as GroupLogic's ExtremeZ-IP) still use this feature of the file system. Very small ADS (called Zone.Identifier) are added by Internet Explorer and recently by other browsers to mark files downloaded from external sites as possibly unsafe to run; the local shell would then require user confirmation before opening them.[21] When the user indicates that they no longer want this confirmation dialog, this ADS is deleted. Alternate streams are not listed in Windows Explorer, and their size is not included in the file's size. They are ignored when the file is copied or moved ...
5/5 2,172 Nov 15, 2019
PHROZEN SAS
RunPE Detector v2.0
Phrozen RunPE Detector is a security program specially designed to detect and defeat some suspicious processes using a generic method. We at Phrozen Software do things differently, more creatively. So, when we set ourselves the task of creating a novel way of detecting, disabling and removing RATs, we didn't want to take the route every other anti-virus company has taken before us. Phrozen Software studied the behaviour of RATs and discovered that hackers virtually always use a technique called RunPE. This technique spawns a legitimate process – often the default browser or a Microsoft system process – and replaces it with malicious program code directly in memory. Your computer is thus tricked and treats the malicious code as a legitimate process. The user and his anti-virus program have no idea that his default browser is effectively turned into a virus. RunPE is a technique that is used in several malicious ways. The two most common are: [1] FWB (Firewall Bypass): As its name suggests, this technique is implemented to bypass or disable the Application Firewall or the Firewall rules. Since most malware needs to connect to a remote Command-and-Control (C&C) Server, it needs to connect to the Internet via the Firewall. Since most users are connected to the Internet at home, normally the installed Firewall would prevent the malware from connecting to the Internet. Using the RunPE technique to hijack a legitimate process that is authorized to reach the Internet, any malware could subsequently connect to the C&C without being detected by the Firewall. [2] Malware Packer or Crypter: Generally script kiddies – immature hackers – use a well-known type of malware that is already detected by most anti-virus programs. They then try to obfuscate this malware to evade ...
5/5 2,243 Nov 15, 2019
PHROZEN SAS
SecureMyBit Deny v1.4
SecureMyBit Deny is a simple, light and freeware security tool that permits you to deny execution of scripts that rely on Windows Script Host, perform impairment indicators analysis to detect possible malicious behaviours in analyzed executables, and type your text safely against keyloggers, mouseloggers, screenloggers, etc. You can also monitor your file system for changes and new files, detect processes that are connected to ports commonly used by malware, and optimize security settings. (Please note that some antivirus or antimalware programs can detect SecureMyBit Deny as malware; we want to specify that this is a false positive. You can add SecureMyBit Deny to the exclusion list of your antivirus/antimalware.) What’s new? Fixed heuristic engine false positive of EXE Analyzer (SecureMyBit Deny.exe); Changed ON/OFF text of File System Monitor button (Thanks @ticklemefeet for the suggestion); Fixed bug in Security Ports Scan; Fixed critical bug of Text Editor Anti-Logger; Fixed bug in File System Monitor; Heuristic engine updated to improve ransomware detection, hash computing, decryption code and registry usage of analyzed EXE; Added “Clear log” button to File System Monitor. Key Features: Deny scripts execution; Make USB read-only; Text Editor Anti-Logger; Perform EXE analysis; Security Ports Scan; Monitor File System easily; Optimize security settings. Terms & Conditions: WE AREN’T ABSOLUTELY RESPONSIBLE FOR ANY KIND OF PROBLEMS, DAMAGES, LOSS OF DATA, LOSS OF FILES OR ANY OTHER KINDS OF PROBLEMS. THE SOFTWARE IS PUBLISHED “AS IS”. THERE MAY BE FALSE POSITIVES IN EXE ANALYZER REPORT(S) BECAUSE OF THE HEURISTIC ANALYSIS. Thank you. SecureMyBit Development Team. Compatibility: Windows Vista, Windows 7, Windows 8/8.1, Windows 10. Special Requirement: Microsoft .NET Framework 4.5. Languages: English. SecureMyBit Deny Test:
5/5 1,086 Nov 13, 2019
JM Security
SigcheckGUI v1.1.3
GUI front-end for sigcheck.exe from Sysinternals. Scans for fake Root Certificates in Windows that malware uses to infect a computer. Supports: Win7 x32, Win7 x64, Win98, WinVista, WinVista x64, WinXP. Changes in v1.1.3 - 2016-11-04: + SigcheckGUI now handles passed files and folders. (Thanks, zxhtrzdg) + Added "Clear unknown" to the Clear menu. * Changed/added some icons. * Verified SigcheckGUI works with sigcheck.exe v2.54.
5/5 1,452 Nov 15, 2019
Jody Holmes
Simple Software-restriction Policy v2.20
A software policy makes a powerful addition to Microsoft Windows' malware protection. In particular, it is more effective against ransomware than traditional approaches to security. If you know about the Linux 'execute permission' bit then you'll understand what this is for. The mode of operation is somewhat different in that execute permission is granted to folders and subfolders rather than individual files, but the intention is the same: to stop undesirable or unknown software from launching unless you OK it. Additionally, it is possible to specify that certain executables (typically browsers and email clients) are run with reduced rights. This is a valuable damage-limitation measure against browser plugin vulnerabilities, etc. The protection can be turned off without a reboot whilst installing legitimate software, and will automatically reactivate after a specified time.
5/5 1,653 Nov 15, 2019
IWR Consultancy
Tron Script v10.8.7
Tron is a glorified collection of batch files that automate the process of disinfecting and cleaning up Windows systems. It is built with heavy reliance on community input and updated regularly. Tron supports all versions of Windows from XP to 10 (server variants included). What is "Tron Script"? Tron is a script that "fights for the User". It's basically a glorified collection of Windows batch files that automate a bunch of scanning/disinfection/cleanup tools on a Windows system. I got tired of running the utilities manually and decided to just automate everything. I hope this helps other techs, admins, and users in general. Tron's goal is to take a badly-running Windows system (bloated, infected, etc) and automate ~85% of the work involved in disinfecting it, removing bloatware, and basically cleaning everything up to get it running well again. That's pretty much it. At this point it seems to accomplish that goal pretty well on most systems. The whole project is built with heavy reliance on community input and updated regularly. Stages of Tron: (1) Prep: rkill, ProcessKiller, TDSSKiller, Stinger, registry backup, WMI repair, sysrestore clean, oldest VSS set purge, create pre-run System Restore point, SMART disk check, NTP time sync. (2) Tempclean: TempFileCleanup, CCleaner, BleachBit, backup & clear event logs, Windows Update cache cleanup, Internet Explorer cleanup, USB device cleanup. (3) De-bloat: remove OEM bloatware; customizable list is in resources\stage_2_de-bloat\oem\; Metro OEM debloat (Win8/8.1/2012 only). (4) Disinfect: Kaspersky Virus Removal Tool, Sophos Virus Removal Tool, Malwarebytes Anti-Malware, DISM image check (Win8/2012 only). (5) Repair: Registry permissions reset, Filesystem permissions reset, SFC /scannow, chkdsk (if necessary). (6) Patch: Updates 7-Zip, Java, and Adobe Flash/Reader and disables nag/update screens (uses some of our PDQ packs); then installs any pending Windows updates ...
5/5 1,935 Nov 15, 2019
vocatus


Copyright (c) 2019