NoVirusThanks programs

Submit portable freeware that you find here. It helps if you include information like description, extraction instruction, Unicode support, whether it writes to the registry, and so on.
Message
Author
JohnW
Posts: 386
Joined: Wed Apr 19, 2006 9:18 am
Location: London, UK

NoVirusThanks programs

#1 Post by JohnW »

NoVirusThanks programs



Hijack Hunter is an application that thoroughly scans your computer for suspicious behaviour.
It displays information on running processes, registry startups keys, drivers installed, windows hijacks, browser helper objects and much more.
Note - it is NOT a substitute for a virus/malware scanner.
It has the ability to restore the myriad of hijacks that can occur (so examples include Registry Editor, Task Manager, CMD etc etc)
The program also provides quick access to a number of Windows utilities such as msconfig, event viewer, regedit etc etc)

The portable version is available from ...

Code: Select all

http://www.novirusthanks.org/products/portable-versions/
More information is accessible from that address but the key features are shown below:

Generic System Information
Running Processes
Loaded Modules
TCP Connections
Registry Startups
Startup Folders
TCPIP Nameservers
Internet Explorer Settings
Programs allowed in Windows Firewall
Ports allowed in Windows Firewall
Windows Hijacks
Winlogon Notify
ShellExecuteHooks
SharedTaskScheduler
Shell Open Commands
Browser Helper Objects (BHOs)
Wallpaper
Executables in Temp folder
Executables in suspicious folders
Files created 7, 15 and 30 days ago
Hidden files in suspicious folders
Executables in Internet Explorer Folder
Drivers -> FSFilter Anti-Virus
Drivers
Services
Custom files listing
Custom Registry Keys and Values Dump
Exclude Microsoft System Files
Multilingual
HOSTS File Manager
Windows Tools
CLSID List
Restorer
Restore Safe Mode
Restore System Hijacks
Restore Startup Hijacks
Restore IE URLs
Restore IE Hijacks
Reduce memory usage
Exclusion List
Startup files manager
Boot Files manager
Work in background
Kernel Mode Info
Ring3 API Hooks


There are other Novirusthanks portable applications which you might find interesting ...

1. Malware Remover
As implied, a Malware scanner. I already use Malwarebytes so I won't be testing this.
2. Threat Killer
To remove persistent malware
3. Fast Folder Eraser
For the fast and direct removal of folders containing a very large number of files

Finally, let me say that I have not tested these for portability; the site states categorically that they are portable and that satisfies me.

User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Hijack Hunter v 1.8.2

#2 Post by webfork »

Can't find any reviews/reports on it apart from a site that claims its probably not bad. Reviews, awards or independent information would help.

JohnW
Posts: 386
Joined: Wed Apr 19, 2006 9:18 am
Location: London, UK

Re: Hijack Hunter v 1.8.2

#3 Post by JohnW »

I did do a check and read the same article which concludes that the program is totally safe.
Also, I received an email from the company confirming that the program was portable.
But as so many scareware programs exist relating to so-called anti-virus utilities it is sensible to check

User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Hijack Hunter v 1.8.2

#4 Post by webfork »

JohnW wrote:which concludes that the program is totally safe.
Just because its on Avast's website gives no stamp of approval. From the Avast site's forum terms of use:
  • "Note that it is impossible for the staff or the owners of this forum to confirm the validity of posts. Please remember that we do not actively monitor the posted messages, and as such, are not responsible for the content contained within. We do not warrant the accuracy, completeness, or usefulness of any information presented."

    http://forum.avast.com/index.php?action=register
I look forward to trying out this program once positive, independent reviews become available.


User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Hijack Hunter v 1.8.2

#6 Post by webfork »

Bingo on the file safety part; Softpedia has given it a malware-free approval. But they don't say its a good program or worth our time -- they're just hosting it.

User avatar
I am Baas
Posts: 4150
Joined: Thu Aug 07, 2008 4:51 am

Re: Hijack Hunter v 1.8.2

#7 Post by I am Baas »

I recommended MD5 Checksum Tool from NoVirusThanks before and which you seemed to like.

Will test Hijack Hunter later on this weekend.

User avatar
webfork
Posts: 10818
Joined: Wed Apr 11, 2007 8:06 pm
Location: US, Texas
Contact:

Re: Hijack Hunter v 1.8.2

#8 Post by webfork »

I am Baas wrote:I recommended MD5 Checksum Tool from NoVirusThanks before and which you seemed to like.
Good point -- didn't realize the NVT had a history of other stuff. I spent so much time looking for info on Hijack Hunter, I didn't research its author.

User avatar
guinness
Posts: 4118
Joined: Mon Aug 27, 2007 2:00 am
Contact:

Re: Hijack Hunter v 1.8.2

#9 Post by guinness »

Tested MD5 Checksum Tool: Portable (would Vote!)
Tested Fast Folder Eraser: Portable (would Vote!)
Tested Hijack Hunter: Portable (not Stealth) (might vote Vote, because of how useful the program is.)
Reg Key Added HKLM\SYSTEM\CurrentControlSet\Services\nhdrv
Reg Val Added HKLM\SYSTEM\CurrentControlSet\Services\nhdrv\DisplayName NoVirusThanks Kernel Driver (Hijack Hunter)
Reg Val Added HKLM\SYSTEM\CurrentControlSet\Services\nhdrv\ImagePath \??\C:\HijackHunter\nhdrv.sys
Reg Val Added HKLM\SYSTEM\CurrentControlSet\Services\nhdrv\Type 1
Tested NoVirusThanks Malware Remover: Portable (would Vote!)
Tested Threat Killer: Portable (would Vote!)
Tested NoVirusThanks Uploader: Portable (would Vote!)

Note: Couldn't Test Zeus Trojan Remover
Last edited by guinness on Sat Jul 24, 2010 3:56 pm, edited 1 time in total.

User avatar
I am Baas
Posts: 4150
Joined: Thu Aug 07, 2008 4:51 am

Re: Hijack Hunter v 1.8.2

#10 Post by I am Baas »

@guinness

That's odd. Hijack Hunter Portable did not create these registry keys on my machine. Anyone care to test?

Ruby
Posts: 324
Joined: Sat Sep 05, 2009 6:35 pm

Re: Hijack Hunter v 1.8.2

#11 Post by Ruby »

@guiness "Not Portable"
How did you come to the conclusion that it's not portable?
While it's not stealth it does seem to be portable.

@I am Bass "Anyone care to test?"
System Driver created:

Code: Select all

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nhdrv]
"DisplayName"="NoVirusThanks Kernel Driver (Hijack Hunter)"
"ImagePath"="\\??\\D:\\Portable\\Utilities\\System\\nhdrv.sys"
"Type"=dword:00000001
The program seems to be OK, the report file it created seems to be thorough for what it is,
although you do need to know what your looking at.

It found avast! kernel hooks and reports as 'Possible Rootkit'.

Code: Select all

[RING0] ntkrnlpa.exe -> ObInsertObject -> 0x81C6C038 -> 0x8A41FF6C -> aswSP.SYS
[RING0] ntkrnlpa.exe -> ObMakeTemporaryObject -> 0x81C1328F -> 0x8A41E5B4 -> aswSP.SYS
[RING0] ntkrnlpa.exe -> NtCreateProcessEx -> 0x81CCD892 -> 0x8A422BA0 -> aswSP.SYS
[RING0] ntkrnlpa.exe -> NtCreateSection -> 0x81C6D8C3 -> 0x8A4229C4 -> aswSP.SYS
[RING0] ntkrnlpa.exe -> NtLoadDriver -> 0x81BA7DF0 -> 0x8A422AFE -> aswSP.SYS

(!!!POSSIBLE ROOTKIT DETECTED!!!)
Note: In the 'Boot Files' section, it doesn't have support for Vista BCD (Boot Configuration Data)

User avatar
guinness
Posts: 4118
Joined: Mon Aug 27, 2007 2:00 am
Contact:

Re: Hijack Hunter v 1.8.2

#12 Post by guinness »

How did you come to the conclusion that it's not portable?
No need to be aggressive in your last post Ruby :) I am starting to class a Portable application as one which writes no settings or files outside of the application folder. But I updated my post!

Plus I was merely being helpful by testing applications for those who don't have the time.

Ruby
Posts: 324
Joined: Sat Sep 05, 2009 6:35 pm

Re: Hijack Hunter v 1.8.2

#13 Post by Ruby »

Upon rereading my post, perhaps I could have omitted the question.
At the time of posting I most certainly felt no aggression.
Apologies

User avatar
I am Baas
Posts: 4150
Joined: Thu Aug 07, 2008 4:51 am

Re: Hijack Hunter v 1.8.2

#14 Post by I am Baas »

This is very strange. I ran Hijack Hunter a few times already, tested all featues but the 'Restore' one and still nothing in the registry (opened regedit and searched manually for the keys).

Ruby
Posts: 324
Joined: Sat Sep 05, 2009 6:35 pm

Re: Hijack Hunter v 1.8.2

#15 Post by Ruby »

That is strange as it needs that driver (nhdrv.sys) for a low level scan.

Couple of things to check:
1. Running as Admin.
2. At the bottom of the log does it show kernel hooks (3rd party; antivirus, firewall)
3. Driver in same folder as executable (not sure if it would even run, but I've since deleted and can't check)
4. Open regedit, expand HKEY_LOCAL_MACHINE, right-click on 'SYSTEM' click find and enter 'NewlyCreated' (no quotes) in the find box.
5. Finally, try running NirSoft RegScanner and search for 'nhdrv' (no quotes).

Post Reply