home >> userland >> spy dll remover

SpyDLLRemover v3

TOP

SpyDLLRemover is the standalone tool to effectively detect and delete spywares from the system. It comes with advanced spyware scanner which quickly discovers hidden Rootkit processes as well suspcious/injected DLLs within all running processes. It not only performs sophisticated auto analysis on process DLLs but also displays them with various threatlevels, which greatly helps in quick identification of malicious DLLs. The DLL search feature helps in finding DLL within all running processes using just partial or full name. Then user can choose to remove the dll from single process or from all loaded processes with just one click.

One of the unique feature of SpyDLLRemover is its capability to free the DLL from remote process using advanced DLL injection method which can defeat any existing Rootkit tricks. It also uses sophisticated low level anti-rootkit techniques to uncover hidden userland Rootkit processes as well as to terminate them.

SpyDLLRemover comes with support for Microsoft's latest operating system, Windows 7. Apart from this, it introduces new 'Scan Settings' option to allow the user to fine tune the scanning operation. Also it features improved heurestic analysis, enriched user interface, Intelli-Refresh of 'Process Viewer' and more. Current version provides support for malicious DLL removal from system processes across session boundaries breaking the limitations imposed in Vista/Win7.

Features of SpyDLLRemover v3

TOP

Here are some of the prominent and unique features of SpyDLLRemover which set it apart from any other tool of its kind.

  • Advanced Spyware Scanner which efficiently discovers hidden Rootkit processes as well as suspicious/injected DLLs within all running processes in the system.


  • Detection and removal of hidden userland Rootkit processes using sophisticated techniques such as

  • - Direct NT System Call Implementation
    - Process ID Bruteforce Method (PIDB) as first used by BlackLight
    - CSRSS Process Handle Enumeration Method

  • State of art technique for completely freeing the injected DLL from remote process based on advanced DLL injection method using low level implementation which defeats any blocking attempts by Rootkits. This is one of those unique features found only in SpyDLLRemover.


  • Sophisticated DLL auto analysis which helps in seperating out the legitimate modules/DLLs from the malicious ones. Such DLLs are displayed using different colors representing various threat levels for quicker and easier identification.


  • 'Scan Settings' option to fine tune the scanning operation based on user needs.


  • Inteli-Refresh of 'Process Viewer' leading to flicker free user experience.


  • Integrated online verification mechanism through ProcessLibrary.com to validate any suspcious DLLs. This makes it easy to differentiate between the spyware & legitimate DLLs.


  • DLL Tracer feature to search for dll within the running processes using partial or full name. Then user can choose to remove the dll from single process or from all loaded processes with just one click.


  • Sort the process/DLL in the list based on various parameters for easier and quicker analysis.


  • Detailed report generation of Spyware scanning result as well as process/DLL list in standard HTML format for offline investigation.


  • View the process/DLL properties for more information by just double clicking on the process/DLL entry in the list.


  • Feature to show all running processes in the system which has loaded the selected DLL. Also user can click on "Remove DLL from ALL' button to quickly remove any such malicious DLL from all loaded processes.


  • Termination of suspicious or hidden process based on low level implementation which makes it very effective against any Rootkit techniques.


  • Support for malicious DLL removal from system processes across session boundaries breaking the limitations imposed in Vista/Win7.


  • Displays detailed information about all running processes on the system

  • - Process name
    - Process Id
    - Session Id
    - Company Name
    - Product Name
    - Process Description
    - Memory Utilization
    - Process Binary Path
    - Process File Size
    - File Install Date

  • Shows detailed information about each loaded DLLs within process to make it easier for manual analysis.

  • - DLL Name
    - Company Name
    - Description
    - Comment about type of DLL (System, Hidden, Suspicious)
    - Load/reference count of DLL
    - Loading Type (static/dynamic)
    - DLL File Size
    - File Install Date
    - Base Address of DLL
    - Entry point of DLL
    - Full DLL File Path

  • It is standalone tool which does not require any installation and can be executed directly.

  • Enriched user interface along with more user friendly options makes it the cool tool.


SpyDLLRemover v3 in Action

TOP

Here are the screenshots of SpyDLLRemover which demonstrates its effectiveness in detecting spywares and eliminating them with ease.

Screenshot 1: SpyDLLRemover scanning the infected system for spywares and showing the malicious DLL injected by Vanquish Rootkit along with other suspicious DLLs.


*To zoom in - click the image*

Screenshot 2: SpyDLLRemover's newly introduced 'Scan Settings' which provides flexibility to user to fine tune the scanning operation.


*To zoom in - click the image*

Screenshot 3: SpyDLLRemover detecting the hidden modules/DLLs injected within cmd.exe process by Vanquish Rootkit.


*To zoom in - click the image*

Screenshot 4:SpyDLLRemover's 'DLL Tracer' feature showcasing the DLL search operation to trace the DLL within all running processes.


*To zoom in - click the image*

Screenshot 5: Detailed report of Spyware Scanning Result in HTML format generated by SpyDLLRemover.


*To zoom in - click the image*

Version History

TOP

Version 3.2 08th Feb 2010:
This version extends support for malicious DLL removal from system processes across session boundaries breaking the limitations imposed in Vista/Win7.

Version 3.0 30th Nov 2009:
This version extends support for Microsoft's new operating system, Windows 7. Along with this, it introduces 'Scan Settings' option to allow the user to fine tune the scanning operation. Also it features improved heurestic analysis, enriched user interface, Intelli-Refresh of 'Process Viewer' etc.

Version 2.5.0 12th July 2009:
Next major version of SpyDLLRemover with DLL Tracer feature to quickly search for DLL within all running processes. It also includes the major bug fixes and improved user interface.

Version 2.0.1 26th May 2009:
Released second version of SpyDLLRemover with enriched features such as Spyware Scanning of System, Improved DLL auto analysis, Enhanced GUI interface, HTML based report generation of spyware scanning result as well as process/DLL list, advanced technique for removal of injected DLL from all loaded processes, sorting the process/dll based on various parameters for easier and quicker identification.

Version 1.0.1 17th March 2009:
Released the first version of SpyDLLRemover. To check out the older version page, CLICK HERE

Download SpyDLLRemover

TOP

Platform:
Windows XP, 2003, Vista, Longhorn and Windows 7.
On 64 bit platform, only 32 bit processes are supported.

Hashes For SpyDLLRemover_v3_2.zip :
MD5 Hash: 3f1e44fcdd36be5f321743402a292209
SHA1: 9eaff5f424303e09e90d0ceb436fe19c9bba100b

Click the following to download:

Download SpyDLLRemover v3.0

Awards

TOP

Windows7download FindMysoft.com - Fast and free software download directory Top 4 Download - free downloads Reviews on SoftSea SpyDLLRemover download SpyDLLRemover received 100% CLEAN award on DownloadRoute.com Softpedia SpyDLLRemover v3

Blogs

New SpyDLLRemover to Remove DLL from System Process
Nagareshwar Talekar
Tue, 09 Feb 2010 04:28:20 +0000


The newer version of SpyDLLRemover v3.2 now support removal malicious DLL from system processes on Vista/Win7 platforms. Starting with Vista, Windows has introduced the session separation feature which prevents processes in one session interacting with process in another session. Normally all system processes including services live in session 0. All user session starts with session 1. [...]


SpyDLLRemover & Misconceptions
Nagareshwar Talekar
Sun, 07 Feb 2010 17:03:06 +0000


No software is perfect in this world and so is the SpyDllRemover. I am writing this post here to clear some of the misconceptions about SpyDllRemover. Many times people complain that SpyDllRemover is showing false positive or listing the legitimate DLL as malicious. SpyDLLRemover uses heuristic approach for deducing the type of threats unlike other anti-virus/anti-spy [...]


SpyDLLRemover on Facebook
Nagareshwar Talekar
Sat, 23 Jan 2010 06:30:38 +0000


SpyDLLRemover was published on Facebook’s ‘Tips, Trick & Tutorial’ section. This is Facebook’s additional section where it lists top tools on the web which make our day to day life easier. Its the proud moment for all of us at RootkitAnalytics to see the SpyDLLRemover being listed at Facebook. .


Coming Soon – HiddenADSExplorer
Nagareshwar Talekar
Sun, 10 Jan 2010 11:33:10 +0000


HiddenADSExplorer, another smart tool from the RootkitAnalytics will be hitting the market in early next month.  This is the GUI based application to detect and destroy hidden malicious alternate data streams (in short ADS) from the system.  Rootkits often hide their traces in the covers of ADS as they are lesser known and no sophisticated [...]


DWTF – DLL Watcher & Template Framework
Nagareshwar Talekar
Thu, 17 Dec 2009 18:33:40 +0000


DWTF (DLL Watcher & Template Framework) is the simple engine designed by Dreg to create duplicate or fake DLL from the original DLL. It creates separate export section in the new fake DLL with each entry pointing to export section of original DLL. In short this new fake DLL acts like interceptor and can be useful [...]


Blogs are now listed on the main page!
evilfingers
Fri, 11 Dec 2009 03:00:28 +0000


We are doing our best to keep you posted with up-to-date stuff on Rootkit Analytics world. For your convenience, the top 10 blogs are also listed on the main site: www.RootkitAnalytics.com. Soon, we would have posts on whats going on in the external world related to the science of rootkit analysis, comparison of rootkit analysis tools, [...]


Unleashing the SpyDLLRemover 3.0 for Windows 7
Nagareshwar Talekar
Mon, 30 Nov 2009 18:24:46 +0000


The next magnificent version of SpyDLLRemover is finally launched at RootkitAnalytics.com. This version marked as 3.0 is mainly targeted to support Microsoft’s latest operating system, Windows 7. Along with Windows 7 support, it comes with ‘Scan Settings’ option to allow user to fine tune the scanning operation. With this user can now customize the various scanning [...]


SpyDLLRemover with Scan Settings
Nagareshwar Talekar
Sat, 28 Nov 2009 19:33:09 +0000


Next version of SpyDLLRemover will come up with option to customize the scan settings.  This will greatly help to tune the scan results according to one’s taste through easy to customizable dialog. Here is the snapshot of the ‘Scan Settings’ dialog… Now one can tweak the options such as scan hidden process with different methods, scan hidden [...]


Coming Soon – SpyDLLRemover for Win7
Nagareshwar Talekar
Wed, 25 Nov 2009 17:28:04 +0000


With Microsoft Launching Windows 7, SpyDLLRemover is now getting ready to put up the show. Compared to Vista, Windows 7 has gone through a lot of internal structural changes which will be addressed in the upcoming version of SpyDLLRemover. Apart from support for Windows 7, new SpyDLLRemover features following improvements… Settings to [...]


Wandering Through Trojan.NtRootKit.47 Driver
Nagareshwar Talekar
Wed, 25 Nov 2009 17:23:13 +0000


Author:  Davide “ocean” Quarta Introduction I didn’t have the dropper at the moment of writing this, only the driver. Without the dropper we can only get a generic idea of what the driver is used for. The driver has been reverse engineered by deadlist, a really irritating thing to do actually, but it can [...]


Socialize with RootkitAnalytics

Twitter Feed Blogspot

Links

Rootkits & Enterprise: Enterprise is a major victim to rootkits. What could rootkits do to them?[read more]

Rootkits & Home-users: Do home-users know the seriousness of rootkits? What should a home-user know about rootkits?[read more]

Rootkits & Information Warfare: What does the silent war of intelligence and national security, got to do with rootkit analysis?[read more]

Userland Rootkits: What should one know about userland rootkits?[read more]

Spy DLL Remover: Were you looking for a tool to detect userland rootkits in your Windows box?[read more]

Kernelland Rootkits: What should one know about kernelland rootkits?[read more]

ElfStat: ElfStat is a tool designed for detecting any kernel malware that modifies the text segment of the kernel in memory...[read more]

Syscall/Kernel function interception: This is a more stealth method of syscall hijacking without having to directly modify the syscall table; instead the first several bytes of the syscall are overwritten with a jump to the new code...[read more]

Syscall Interception: What should you know about Syscall interception by directly modifying the Syscall table?[read more]

KsiD [Kernel Symbol Interception Detection]: This tool is designed to detect kernel rootkits and kernel malware which hijack syscalls and kernel functions ...[read more]

IDT /dev/kmem rootkit method: This can be done using several methods including overwriting the first several bytes of the syscall with a jump to other code, or modifying the function pointers.[read more]

Hidden Process Detection: Hidden Process Detection [HPD] using Direct NT System Call Implemenation, PIDB (Process ID Bruteforce) method, CSRSS Process Handle Enumeration and other methods...[read more]

Hidden Registry Detection: Reason for Hiding the Registry Entries, Rootkit techniques to hide, and Detecting Hidden Registry Entries Using Direct NT System Call Method and Directly Reading Hives Method...[read more]

Hidden Service Detection: Hidden Rootkit Services Detection Methods...Enumerating Processes with 'NtControlPipe', Hook Bypass Method through Mapped Image, Services Enumerating Child Processes of Services.exe, Enumerating Services Registry Key...[read more]

Syscall Handler Checker [SHC]: This tool simply verifies whether or not the system call handler system_call() has been patched to call a phony sys_call_table. If a phony sys_call_table appears to be in use, a tool like elfstat can be used for further analysis...[read more]

Firmware Rootkits: Firmware is a small static code that runs on devices ranging from consumer electronics to anything that controls heavy machinery...[read more]

Hypervisor Rootkits: This comes under both firmware and hardware rootkits. The reason being, hypervisor is a virtual environment that runs on the hardware, but basically it is a firmware. Hence, we have drawn the line and dropped this rootkit in the firmware category of rootkits...[read more]

Publications: In this section, we are planning to list all the papers that we have published so far that are rootkit related.

Backdoor Ultimate Defender: In this paper (Backdoor.Win32.UltimateDefender.gtz - Reversing) we analyze install.exe that presents the typical structure of an Medium Evoluted Malware, with basical Obfuscated-Dummy Code...[read more]

Socialize: You could socialize with us by many ways...[read more]

About: Learn about rootkit analytics here...[read more]

Contact us: How can you reach us...[read more]

Our Team: Read more about the rootkit analytics team...[read more]

dwtf v1.0 dwtf is a DLL copying engine ... [read more]

Number of Installations

Spy DLL Remover23500
Elfstat910
KsiD590
SHC435
dwtf272

Socialize with EvilFingers

Twitter Feed Blogspot LinkedIn Delicious Google

Tweets


@EvilFingers You're not following me, so I can't reply to your DM. Volunteer for what?

RT @EvilFingers: Hey guys, we are looking for bloggers/volunteers for various blogs. Ping us at contact.fingers@g mail.com if you...

@EvilFingers What type of appl? For jailb. iphones?

@EvilFingers I'll be stuck downtown without a car, so no NoVa for me. I might be out there later this summer.

@EvilFingers all ok, are long busy days cause work =)

@EvilFingers thanks