NEWS

30.01.2012 Vba32 AntiRootkit 3.12.5.6 beta build 500
- Stability of Vba32 Defender was improved
- Stability of direct mass storage access library was improved
- Fixed some minor bugs in GUI
- Help in Russian was improved
17.01.2012 Vba32 AntiRootkit 3.12.5.6 beta build 493
- Volume Boot Sectors verification feature. Detection, view, dump and restoration of non-standard and forged loaders. Saving primary volume boot sector in html log.
- Ability to use Vba32 AV-Kernel to verify forged, locked files and boot sectors as well
- Force Delete option
- Functionality of Low-level disk access Scanner enhanced
- Stability of direct mass storage access library was significantly improved
- Overall work robustness of antirootkit was improved
- HTML-report was improved
- Help in Russian was improved
22.11.2011 Vba32 AntiRootkit 3.12.5.5 beta build 425
- Native support of IDE and AHCI mass storage controllers.
- Vba32 Defender: interactive mode, white and black lists, hints for users implemented. Ability to start processes on dedicated desktop.
- Basic self-defence functionality has been added.
- Ability to detach device from device stack
- Hidden driver detection technique (raw memory lookup, only on Vista and later OSes)
- View/delete for ObCallbacks notificators
- Restore MBR and force reboot option
- Output of MD5/SHA1 for checked files
- "Don't display items with empty path name" option in drivers/services tool
- Support of Windows 8 (Developer Preview Build)
- Issue with driver unload and loss of sound on some systems
- Overall work robustness of antirootkit was improved
- Help in Russian was improved
14.07.2011 Vba32 AntiRootkit 3.12.5.4 beta build 293
- Low-level operations with disk volumes. Support of MBR and GPT. Support of Microsoft/Veritas dynamic volumes (Simple, Spanned, Striped, Mirrored and Raid-5)
- Boot sectors verification feature. Detection, view, dump and restoration of non-standard and forged loaders. Saving primary boot sector in html log.
- Added detection and restoration of abnormal Global Descriptor Table (GDT) entries
- Increased the number of checked autorun items (LSA Providers, SubSystems\Windows, etc.)
- Detection and restoration of IDT and SysEnter hooks were improved
- Safe protected handles closure (CloseHandle)
- Checking standard OS Windows Firewall rules
- Overall work robustness of antirootkit was improved
- Help in Russian was improved
25.04.2011 Vba32 AntiRootkit 3.12.5.3 beta build 222
- Listing filesystem minifilters
- Operations on filesystem minifilters (Unload, Unregister)
- Listing kernel devices (Kernel Device Stack)
- View/delete for FsRtlRegisterFileSystemFilterCallbacks notificators
- Detection of DriverInit, DriverStartIo, DriverUnload hooks
- Detection and restoration of hooks in Object Functions (ObjectType hooks)
- Object type hijack detection for drivers and devices
- Operation with opened handles (CloseHandle)
- Terminating status in the time of Process Manager closing
- Fixed nonworking checkboxes in html-report (in Firefox)
- Focus from "YES" button was moved to "NO" button in the dedicated desktop request message
- Fixed GUI crash on machines infected with Trojan.Win32.VBKrypt
- Overall work robustness of antirootkit was improved
- Help in Russian was improved
14.03.2011 Vba32 AntiRootkit 3.12.5.2 beta build 168
- Process List window replaced with Process Manager. Significantly increased informative content
- Listing anomalies for each process
- Operations on processes (Terminate, Terminate and Delete, Suspend / Resume, Dump)
- Listing modules, including hidden
- Operations on modules (Unmap, Dump)
- Listing threads, including hidden and anomalous
- Operations on threads, including system threads (Terminate, Suspend / Resume)
- Listing handles
- Listing unloaded kernel modules
- Detection and restoration of hooks in IAT (for kernel modules)
- View/delete for Lego, SeFileSystem, LastChanceShutdown, Shutdown, BugCheckReason, FsRegistrationChange notificators
- Network Tool window (parsing of hosts and lmhosts files, persistent routes, LSP providers)
- Dedicated antirootkit desktop
- Full safe-mode support
- Detection of revoked certificates
- Increased the number of checked autorun items (Print Provider, Control Panel objects, Known DLLs, URLSearch IE, Toolbar IE, IE Extensions, etc.)
- Support of Windows 7 SP1
- Search of hidden drivers was improved, added detection of numerous anomalies
- Increased low-level scanning speed
- Fixed BSOD on highly fragmented NTFS volumes
- "Don't display items digitally signed" option replaced with "Don't display trusted items"
- HTML-report was improved
- Internal caching of scanning files was improved
- Help in Russian was improved
11.05.2010 Vba32 AntiRootkit 3.12.5.1 beta
- Main window was completely redesigned
- Increased the number of checked autorun items (Quick Launch, Service Modules, Explorer, Task Scheduler, Image File Execution Options)
- View/delete for KeBugCheck notificators
- Usability was improved (added context menus, hot keys, tabs, etc.)
- HTML-report was improved: navigation, scan time, the state of Vba32 Defender were added. Interrupted scanning and errors in the analysis process are correctly displayed in the report
- Web page of beta-version Vba32 AntiRootkit (http://anti-virus.by/en/beta.shtml)
- Internal caching of scanning files was improved
- Hidden processes search mechanism was improved
- Vba32ar.dll and Vba32arch.dll functionality moved to the .exe file. The .exe is now packed with UPX
- Help in Russian was improved
- Temporarily removed quarantine and scripts
12.03.2010 Vba32 AntiRootkit 3.12.5.0 beta
- Overall work robustness of antirootkit was improved
05.03.2010 Vba32 AntiRootkit 3.12.5.0 beta
- Overall work robustness of antirootkit was improved
02.03.2010 Vba32 AntiRootkit 3.12.5.0 beta
- Overall work robustness of antirootkit was improved
22.02.2010 Vba32 AntiRootkit 3.12.5.0 beta
- Added direct disk access mechanism. NTFS and FAT 12/16/32 are supported. Low-level file verification is performed in all existing windows / checks.
- Added Low-Level Disk Access Tool windows. View, Copy, Delete and Wipe (with purging from Windows file cache) operations were implemented at a low level. Hidden, locked and forged files can be optionally highlighted. NTFS Alternate Data Streams and symbolic links are also supported
- Vba32 Defender prevents executable file startup and driver loading during the antirootkit operation time
- Search of hidden drivers was improved, Windows driver stack analysis was added
- Search of hidden processes was improved (added handle search in csrss.exe, PspCidTable parsing, etc.)
- Section attributes verification for all kernel-mode modules was added
- Search of hidden IRP handlers was added
- Possibility to exclude user mode images in kernel modules window was added
- Process window was improved, EPROCESS address and short name were added to user view
- Interaction between GUI and antirootkit driver was improved
- Hook detection mechanism was revised. Checking of EAT and code sections of all kernel mode modules was implemented.
- Help in Russian was improved
16.11.2009 Vba32 AntiRootKit 3.12.4.0
07.10.2009 Vba32 AntiRootKit 3.12.3.3 beta
- Added support of Windows 7
09.09.2009 Vba32 AntiRootKit 3.12.3.3 beta
- Help was translated from Russian into English
16.07.2009 Vba32 AntiRootKit 3.12.3.3 beta
- Added detection and restoration of hooks in Interrupt Descriptor Table (IDT)
- Added detection and restoration of hooks in Code Sections of Kernel (.text and PAGE)
- Viewing and deleting of Kernel-Mode notificators implemented (create thread, create process, load image etc.)
- Added support of Windows Vista SP2 and Windows 7 RC build 7100
- Some bugs in Autorun window and Drivers and Services (from Registry) window were fixed
- Autosize columns in listviews after scanning feature
- Behaviour of Settings window was fixed
- Search hidden driver path algorithm was improved
- Option "Create ZIP archive" in Logging State window is set to default
- Automatic restart after Advanced Monitoring Driver installation
- Some minor bugs in child windows were fixed
- Help was improved
26.05.2009 Vba32 AntiRootKit 3.12.3.2 beta
- Added detection and restoration of hooks in Export Address Table (EAT) in Ndis.sys
- Advanced monitoring of loaded Kernel Modules
- Added detection and restoration of hooks (aka splicing) in KiFastCallEntry; functions of SSDT and Shadow SSDT tables; functions from EAT Ntoskrnl.exe, Hal.dll, Ndis.sys
- Memory dump of Kernel Modules feature implemented
- Added possibility of saving report to Zip-archive
- Automatic detection of VBA32 (checkbox Use AV Kernel)
- Detection of SysEnter register modification was improved
- Hooks acquisition algorithm in KernelMode was improved
- Some minor bugs in child windows were fixed
- Errors in hooks detection were fixed (Windows 2000)
- Report information gathering algorithm was improved
- Help was improved
07.04.2009 Vba32 AntiRootKit 3.12.3.1 beta
- Added detection and restoration of hooks in Shadow System Service Table (Shadow SSDT)
- Added detection and restoration of hooks in Kernel Export Address Table (EAT)
- Added detection of IRP and FastIO hooks
- Added "Restore All" button in KernelMode Hooks window
- Name of hooked functions acquisition algorithm was improved
- Recovery and representation of corrupted files algorithm from the Quarantine was improved
- Report information gathering algorithm was improved
- Progress bar behaviour was fixed
06.03.2009 Vba32 AntiRootKit 3.12.3.0 beta
- List of Autorun (ActiveX, BHO, LSP, Autorun.inf, SecurityProviders etc.)
- List of Drivers and Services (from Registry)
- Checking state of MSR registers (SysEnter)
- Caching of files in AV-kernel checking
- Reports are saved in html format
- UNICODE support
- The Quarantine was improved
- "Apply" button behaviour in Settings window was fixed
- Error with receiving of processes-list was fixed on Windows 2003