www.anti-virus.by
  VirusBlokAda  
 
 
 

News

 


20.04.2012 Vba32 AntiRootkit 3.12.5.7 beta build 588
  • Registry hive parsing mechanism has been added. Direct registry access is performed in the Autorun and Drivers & Services (from Registry) windows, and in the report as well
  • Added Low-Level Registry Access Tool window. Operations on hidden, locked and forged registry keys / values
  • Restoration of modified MBR partition table
  • Vba32 Defender: added information about command line and parent PID (for processes). Ability to block the creation of new registry keys and setting of registry values
  • Reboot on Exit option
  • Support of Windows 8 Consumer Preview. Support of Windows 8 Developer Preview has been dropped
  • Force reset option
  • Overall work robustness of antirootkit was improved
  • Stability of direct mass storage access library was improved
  • Stability of Vba32 Defender was improved
  • Fixed bugs in self-protection module
  • Fixed bugs in GUI
  • Help in Russian was improved

30.01.2012 Vba32 AntiRootkit 3.12.5.6 beta build 500
  • Stability of Vba32 Defender was improved
  • Stability of direct mass storage access library was improved
  • Fixed some minor bugs in GUI
  • Help in Russian was improved

17.01.2012 Vba32 AntiRootkit 3.12.5.6 beta build 493
  • Volume Boot Sectors verification feature. Detection, view, dump and restoration of non-standard and forged loaders. Saving primary volume boot sector in html log.
  • Ability to use Vba32 AV-Kernel to verify forged, locked files and boot sectors as well
  • Force Delete option
  • Functionality of Low-level disk access Scanner enhanced
  • Stability of direct mass storage access library was significantly improved
  • Overall work robustness of antirootkit was improved
  • HTML-report was improved
  • Help in Russian was improved

22.11.2011 Vba32 AntiRootkit 3.12.5.5 beta build 425
  • Native support of IDE and AHCI mass storage controllers.
  • Vba32 Defender: interactive mode, white and black lists, hints for users implemented. Ability to start processes on dedicated desktop.
  • Basic self-defence functionality has been added.
  • Ability to detach device from device stack
  • Hidden driver detection technique (raw memory lookup, only on Vista and later OSes)
  • View/delete for ObCallbacks notificators
  • Restore MBR and force reboot option
  • Output of MD5/SHA1 for checked files
  • "Don't display items with empty path name" option in drivers/services tool
  • Support of Windows 8 (Developer Preview Build)
  • Issue with driver unload and loss of sound on some systems
  • Overall work robustness of antirootkit was improved
  • Help in Russian was improved

14.07.2011 Vba32 AntiRootkit 3.12.5.4 beta build 293
  • Low-level operations with disk volumes. Support of MBR and GPT. Support of Microsoft/Veritas dynamic volumes (Simple, Spanned, Striped, Mirrored and Raid-5)
  • Boot sectors verification feature. Detection, view, dump and restoration of non-standard and forged loaders. Saving primary boot sector in html log.
  • Added detection and restoration of abnormal Global Descriptor Table (GDT) entries
  • Increased the number of checked autorun items (LSA Providers, SubSystems\Windows, etc.)
  • Detection and restoration of IDT and SysEnter hooks were improved
  • Safe protected handles closure (CloseHandle)
  • Checking standard OS Windows Firewall rules
  • Overall work robustness of antirootkit was improved
  • Help in Russian was improved

25.04.2011 Vba32 AntiRootkit 3.12.5.3 beta build 222
  • Listing filesystem minifilters
  • Operations on filesystem minifilters (Unload, Unregister)
  • Listing kernel devices (Kernel Device Stack)
  • View/delete for FsRtlRegisterFileSystemFilterCallbacks notificators
  • Detection of DriverInit, DriverStartIo, DriverUnload hooks
  • Detection and restoration of hooks in Object Functions (ObjectType hooks)
  • Object type hijack detection for drivers and devices
  • Operation with opened handles (CloseHandle)
  • Terminating status in the time of Process Manager closing
  • Fixed nonworking checkboxes in html-report (in Firefox)
  • Focus from "YES" button was moved to "NO" button in the dedicated desktop request message
  • Fixed GUI crash on machines infected with Trojan.Win32.VBKrypt
  • Overall work robustness of antirootkit was improved
  • Help in Russian was improved

14.03.2011 Vba32 AntiRootkit 3.12.5.2 beta build 168
  • Process List window replaced with Process Manager. Significantly increased informative content
  • Listing anomalies for each process
  • Operations on processes (Terminate, Terminate and Delete, Suspend / Resume, Dump)
  • Listing modules, including hidden
  • Operations on modules (Unmap, Dump)
  • Listing threads, including hidden and anomalous
  • Operations on threads, including system threads (Terminate, Suspend / Resume)
  • Listing handles
  • Listing unloaded kernel modules
  • Detection and restoration of hooks in IAT (for kernel modules)
  • View/delete for Lego, SeFileSystem, LastChanceShutdown, Shutdown, BugCheckReason, FsRegistrationChange notificators
  • Network Tool window (parsing of host and lmhost files, persistent routes, LSP providers)
  • Dedicated antirootkit desktop
  • Full safe-mode support
  • Detection of revoked certificates
  • Increased the number of checked autorun items (Print Provider, Control Panel objects, Known DLLs, URLSearch IE, Toolbar IE, IE Extensions, etc.)
  • Support of Windows 7 SP1
  • Search of hidden drivers was improved, added detection of numerous anomalies
  • Increased low-level scanning speed
  • Fixed BSOD on highly fragmented NTFS volumes
  • "Don't display items digitally signed" option replaced with "Don't display trusted items"
  • HTML-report was improved
  • Internal caching of scanning files was improved
  • Help in Russian was improved

11.05.2010 Vba32 AntiRootkit 3.12.5.1 beta
  • Main window was completely redesigned
  • Increased the number of checked autorun items (Quick Launch, Service Modules, Explorer, Task Scheduler, Image File Execution Options)
  • View/delete for KeBugCheck notificators
  • Usability was improved (added context menus, hot keys, tabs, etc.)
  • HTML-report was improved: navigation, scan time, the state of Vba32 Defender were added. Interrupted scanning and errors in the analysis process are correctly displayed in the report
  • Web page of beta-version Vba32 AntiRootkit (http://anti-virus.by/en/beta.shtml)
  • Internal caching of scanning files was improved
  • Hidden processes search mechanism was improved
  • Vba32ar.dll and Vba32arch.dll functionality moved into the .exe file. The .exe is now packed with UPX
  • Help in Russian was improved
  • Temporarily removed quarantine and scripts

12.03.2010 Vba32 AntiRootkit 3.12.5.0 beta
  • Overall work robustness of antirootkit was improved

05.03.2010 Vba32 AntiRootkit 3.12.5.0 beta
  • Overall work robustness of antirootkit was improved

02.03.2010 Vba32 AntiRootkit 3.12.5.0 beta
  • Overall work robustness of antirootkit was improved

22.02.2010 Vba32 AntiRootkit 3.12.5.0 beta
  • Added direct disk access mechanism. NTFS and FAT 12/16/32 are supported. Low-level file verification is performed in all existing windows / checks.
  • Added Low-Level Disk Access Tool windows. View, Copy, Delete and Wipe (with purging from Windows file cache) operations were implemented at a low level. Hidden, locked and forged files can be optionally highlighted. NTFS Alternate Data Streams and symbolic links are also supported
  • Vba32 Defender prevents executable file startup and driver loading during the antirootkit operation time
  • Search for hidden drivers was improved, Windows driver stack analysis was added
  • Search for hidden processes was improved (added handle search in csrss.exe, PspCidTable parsing, etc.)
  • Section attributes verification for all kernel-mode modules was added
  • Search of hidden IRP handlers was added
  • Possibility to exclude user mode images in kernel modules window was added
  • Process window was improved, EPROCESS address and short name were added to user view
  • Interaction between GUI and antirootkit driver was improved
  • Hook detection mechanism was revised. Checking of EAT and code sections of all kernel mode modules was implemented.
  • Help in Russian was improved

16.11.2009 Vba32 AntiRootKit 3.12.4.0
  • Public release

07.10.2009 Vba32 AntiRootKit 3.12.3.3 beta
  • Added support of Windows 7

09.09.2009 Vba32 AntiRootKit 3.12.3.3 beta
  • Help was translated from Russian into English

16.07.2009 Vba32 AntiRootKit 3.12.3.3 beta
  • Added detection and restoration of hooks in Interrupt Descriptor Table (IDT)
  • Added detection and restoration of hooks in Code Sections of Kernel (.text and PAGE)
  • Viewing and deleting of Kernel-Mode notificators implemented (create thread, create process, load image etc.)
  • Added support of Windows Vista SP2 and Windows 7 RC build 7100
  • Some bugs in Autorun window and Drivers and Services (from Registry) window were fixed
  • Autosize columns in listviews after scanning feature
  • Behaviour of Settings window was fixed
  • Hidden driver path search algorithm was improved
  • Option "Create ZIP archive" in Logging State window is set to default
  • Automatic restart after Advanced Monitoring Driver installation
  • Some minor bugs in child windows were fixed
  • Help was improved

26.05.2009 Vba32 AntiRootKit 3.12.3.2 beta
  • Added detection and restoration of hooks in Export Address Table (EAT) in Ndis.sys
  • Advanced monitoring of loaded Kernel Modules
  • Added detection and restoration of hooks (aka splicing) in KiFastCallEntry; functions of SSDT and Shadow SSDT tables; functions from EAT Ntoskrnl.exe, Hal.dll, Ndis.sys
  • Memory dump of Kernel Modules feature implemented
  • Added possibility of saving report to Zip-archive
  • Automatic detection of VBA32 (checkbox Use AV Kernel)
  • Detection of SysEnter register modification was improved
  • Hooks acquisition algorithm in KernelMode was improved
  • Some minor bugs in child windows were fixed
  • Errors in hooks detection were fixed (Windows 2000)
  • Report information gathering algorithm was improved
  • Help was improved

07.04.2009 Vba32 AntiRootKit 3.12.3.1 beta
  • Added detection and restoration of hooks in Shadow System Service Table (Shadow SSDT)
  • Added detection and restoration of hooks in Kernel Export Address Table (EAT)
  • Added detection of IRP and FastIO hooks
  • Added "Restore All" button in KernelMode Hooks window
  • Algorithm for acquiring names of hooked functions was improved
  • Algorithm for recovery and representation of corrupted files from the Quarantine was improved
  • Report information gathering algorithm was improved
  • Progress bar behaviour was fixed

06.03.2009 Vba32 AntiRootKit 3.12.3.0 beta
  • List of Autorun (ActiveX, BHO, LSP, Autorun.inf, SecurityProviders etc.)
  • List of Drivers and Services (from Registry)
  • Checking state of MSR registers (SysEnter)
  • Caching of files in AV-kernel checking
  • Reports are saved in html format
  • UNICODE support
  • The Quarantine was improved
  • "Apply" button behaviour in Settings window was fixed
  • Error with retrieving the process list on Windows 2003 was fixed




 
CONTACTS
220088, Smolenskaya str., 15, 803, Minsk, Belarus
Sales department: +375 17 294 84 29
Development department: +375 17 290 59 29
Support: support-en@anti-virus.by
Sales: sales-en@anti-virus.by
New viruses: newvirus@anti-virus.by
Twitter: VirusBlokAda@Twitter