Malware Scanner project by darcjrt

Original Post from Darcjrt here

I’m trying to contact Matt from remove-malware.com to see what comes out from this.
Rogues are out there. Those are the most common infections right now. Lots of clients are wasting money and even identities because of rogues.

I want to provide something to the community to help.
We’ll see.
;D

Perhaps it would be easier to just create it in a batch file? :slight_smile:

Xan

Believe me, it is not easy to code something like this. I’m trying to do something good. Not just a script file. I want to make sure FPs are low and the scanning is efficient. In order to achieve something like this, good programming has to be made.

I’m creating signatures from files, not just storing file names or sizes or paths. MD5, SHA1, SHA256 and SHA512 hash codes are used to determine the existence of malware.

Specific locations are read from the files to ensure high scan speeds. It sounds simple but it is not. I’m not going to be fashion and use CPU cache to temp store data so scanning becomes faster, but it is nice enough right now.

I will let you guys know when I’m done, and if some of you want to test it or DARE to test it, I will appreciate it.

PLS note I’m not doing this as competition. My coding cannot be compared to a real time AV or a decent AV as CAVS or any other antivirus. It is just that as a programmer and security fanatic, I want to prove that I still have it, hehehe.
88)
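The post above describes hash-based signatures and reading only specific file locations for speed. The following is an added illustration in Python, not darcjrt's code (his engine is C# and is not shown in this thread). The function names, the sampled offset and length, the use of SHA-256 alone, and the two-stage design (cheap region hash first, full-file hash to confirm and keep FPs low) are all assumptions.

```python
import hashlib, os, tempfile

def region_digest(path, offset=64, length=256):
    """SHA-256 of one fixed region; offset and length are assumed values."""
    with open(path, "rb") as fh:
        fh.seek(offset)
        return hashlib.sha256(fh.read(length)).hexdigest()

def full_digest(path):
    """SHA-256 of the whole file, streamed so memory use stays flat."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def make_signature(name, path):
    return {"name": name, "size": os.path.getsize(path),
            "region": region_digest(path), "full": full_digest(path)}

def scan_tree(root, signatures):
    """Prefilter on size + region hash, confirm with the full hash; sorted hits."""
    index = {}
    for sig in signatures:
        index.setdefault((sig["size"], sig["region"]), []).append(sig)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                key = (os.path.getsize(path), region_digest(path))
                full = full_digest(path) if key in index else None
            except OSError:
                continue  # unreadable or vanished file: skip it
            hits += [(fname, s["name"]) for s in index.get(key, [])
                     if s["full"] == full]
    return sorted(hits)

def demo():
    """Scan a constructed tree: a sample, its copy, a near miss, a tiny file."""
    sample = bytes(range(256)) * 8  # constructed stand-in, not real malware
    files = {"sample.bin": sample, "copy.bin": sample,
             "near_miss.bin": sample[:-1] + b"\x00", "short.txt": b"hi"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        sig = make_signature("Constructed.Sample", os.path.join(root, "sample.bin"))
        return scan_tree(root, [sig])
```

`near_miss.bin` has the same size and the same sampled region as the sample, so it passes the prefilter and is rejected only by the full-file hash; a region hash alone would have reported it as a false positive.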

It’s an interesting and ambitious project you’re planning, you can put my name down as a tester. :-TU

Definitely interested… are you planning to release the code also?

Thank you guys.

It’s hard to tell about the source…nah!! Of course I will give it out to anyone who asks for it. This is for benefit of all of us. If I don’t finish it for any reason, anyone else will be able to do it.

The way it is designed, the engine is separated from any GUI. It will be a dll. It is coded in C# framework 2.0.
At the moment the GUI, well, is a console application.
I might be going way out of topic here but I really want to release this project. It will be a huge step for me as a developer.

So, admins can delete this post if they want to.
Anyway, as of today, the engine is 80% completed. It went through major changes in the last hour as I changed the recursion method from using stacks to simple recursion methods, reducing CPU usage from 59 to 19 and RAM from 39MB to 7MB!! (all this under Vista Ultimate 32 bit)

The signature database is under development (SQLite for now). There is a prototype but I’m guessing not the final one.
The engine scans, looks for possible detections and reports back findings. Still working on that. I think first release might be only detection, just to test RAM, CPU and detection capabilities.

You’ve kindled my interest now darcjrt :slight_smile:

I’ll be sure to have a look when it’s released :slight_smile:

This topic goes from testing scanners to developing them… :stuck_out_tongue:

Definitely OT. How about creating a new board just for this topic as it seems to have a following?

It would be awesome, however I don’t think this qualifies as a CIS topic… :-\

One more thing? Why are the smilies gone?? I can’t see any big smilies, just the small ones. !ot!

Neither do the OT boards.

:a0

[attachment deleted by admin]

You can post it in “Anti Virus/Malware Products/Other Security products” :-TU

They’ve changed the Smiley layout slightly, you can find the big ones by clicking on “more” on the right hand side.

:BNC
Thanks!! Did not see the link the first time. (:NRD)

Check it out.
(:NRD)

[attachment deleted by admin]

Nice. :-TU

Interesting darcjrt :slight_smile:

Xan

Very interesting :wink:

You can watch it here