begood Posted May 15, 2010 Report Posted May 15, 2010 About SpyDLLRemover SpyDLLRemover is the standalone tool to effectively detect and delete spywares from the system. It comes with advanced spyware scanner which quickly discovers hidden Rootkit processes as well suspicious/injected DLLs within all running processes. It not only performs sophisticated auto analysis on process DLLs but also displays them with various threat levels, which greatly helps in quick identification of malicious DLLs. The DLL search feature helps in finding DLL within all running processes using partial or full name. One of the unique feature of SpyDLLRemover is its capability to free the DLL from remote process using advanced DLL injection method which can defeat any existing Rootkit tricks. It also uses sophisticated low level anti-rootkit techniques to uncover hidden userland Rootkit processes as well as to terminate them. SpyDLLRemover supports wide range of platforms starting from XP to latest operating system, Windows 7. Along with this, it introduces new 'Scan Settings' option to allow the user to fine tune the scanning operation. With this user can now customize the various scanning modes and methods according to their taste. It also presents other numerous features such as improved heuristic analysis, enhanced user interface with cool look & feel, inteli-refresh of 'process viewer' resulting in flicker free user experience and many more... Current version provides support for malicious DLL removal from system processes across session boundaries breaking the limitations imposed in Vista/Win7. Features of SpyDLLRemover Here are some of the prominent and unique features of SpyDLLRemover which set it apart from any other tool of its kind. Advanced Spyware Scanner which efficiently discovers hidden Rootkit processes as well as suspicious/injected DLLs within all running processes in the system. Detection and removal of hidden userland Rootkit processes using sophisticated techniques such as - Direct NT System Call Implementation - Process ID Bruteforce Method (PIDB) as first used by BlackLight - CSRSS Process Handle Enumeration Method State of art technique for completely freeing the injected DLL from remote process based on advanced DLL injection method using low level implementation which defeats any blocking attempts by Rootkits. This is one of those unique features found only in SpyDLLRemover. Sophisticated DLL auto analysis which helps in separating out the legitimate modules/DLLs from the malicious ones. Such DLLs are displayed using different colors representing various threat levels for quicker and easier identification. Integrated online verification mechanism through ProcessLibrary.com to validate any suspicious DLLs. This makes it easy to differentiate between the spyware & legitimate DLLs. 'Scan Settings' option to fine tune the scanning operation based on user needs. Inteli-Refresh of 'Process Viewer' for flicker free user experience. 'DLL Tracer' feature to search for DLL within all running processes using partial or full name. Then user can choose to remove the DLL from single process or from all loaded processes with just one click. Sort the process/DLL in the list based on various parameters for easier and quicker analysis. Detailed report generation of Spyware scanning result as well as process/DLL list in standard HTML format for offline investigation. View the process/DLL properties for more information by just double clicking on the process/DLL entry in the list. Feature to show all running processes in the system which has loaded the selected DLL. Also user can click on "Remove DLL from ALL' button to quickly remove any such malicious DLL from all loaded processes. Termination of suspicious or hidden process based on low level implementation which makes it very effective against any Rootkit techniques. Support for malicious DLL removal from system processes across session boundaries breaking the limitations imposed in Vista/Win7. Displays detailed information about all running processes on the system - Process name - Process Id - Session Id - Company Name - Product Name - Process Description - Memory Utilization - Process Binary Path - Process File Size - File Install Date Shows detailed information about each loaded DLLs within process to make it easier for manual analysis. - DLL Name - Company Name - Description - Comment about type of DLL (System, Hidden, Suspicious) - Load/reference count of DLL - Loading Type (static/dynamic) - DLL File Size - File Install Date - Base Address of DLL - Entry point of DLL - Full DLL File Path It is standalone tool which does not require any installation and can be executed directly. Enriched user interface along with more user friendly options makes it the cool tool. SpyDLLRemover in Action Here are the screenshots of SpyDLLRemover which demonstrates its effectiveness in detecting spywares and eliminating them with ease. Screenshot 1: SpyDLLRemover scanning the infected system for spywares and showing the malicious DLL injected by Vanquish Rootkit along with other suspicious DLLs. Screenshot 2: SpyDLLRemover's newly introduced 'Scan Settings' which provides flexibility to user to fine tune the scanning operation. Screenshot 3: SpyDLLRemover detecting the hidden modules/DLLs injected within cmd.exe process by Vanquish Rootkit. Screenshot 4 : SpyDLLRemover's 'DLL Tracer' feature showcasing the DLL search operation to trace the DLL within all running processes. Screenshot 5: Detailed report of Spyware Scanning Result in HTML format generated by SpyDLLRemover. Testimonials for SpyDLLRemover SpyDLLRemover has received some great testimonials from elite customers who have been using this tool widely in their IT administration. Here is the testimonial from Lucas Rodriguez, President of Chip Computer Stores, Inc If you are using SpyDLLRemover and impressed with it, we are happy to get one from you. You can refer to this blog article for writing one such testimonial. For more details, refer to our 'Testimonial Section' on RootkitAnalytics web page. Acknowledgement I am thank full to my brother Raghuveer for designing the highly creative banner for the SpyDLLRemover on a short note. My kind regards to EF for pushing me to finish it in style only to realize my potential. History Version 3.2: 8th Feb 2010 Support for malicious DLL removal from system processes across session boundaries breaking the limitations imposed in Vista/Win7. Version 3.0: 30th Nov 2009 This version extends support for Microsoft's new operating system, Windows 7. Along with this, it introduces 'Scan Settings' option to allow the user to fine tune the scanning operation. Also it presents other new features such as improved heurestic analysis, enriched user interface, Intelli-Refresh of 'Process Viewer' etc. Version 2.5: 12th July 2009 Next major version of SpyDLLRemover with 'DLL Tracer' feature to quickly search for DLL within all running processes. It also includes the improved user interface and major bug fixes. Version 2.0.1: 30th May 2009 Released second version of SpyDLLRemover with enriched features such as Spyware Scanning of System, Improved DLL auto analysis, Enhanced GUI interface, HTML based report generation of spyware scanning result as well as process/DLL list, advanced technique for removal of injected DLL from all loaded processes, sorting the process/dll based on various parameters for easier and quicker identification. Version 1.0.1: 14th Mar 2009 First public release of SpyDLLRemover. Download SpyDLLRemover SpyDLLRemover is developed by me for RootkitAnalytics. However due to legal bindings, I cannot host it on this website. Hence please follow the below link to download it from RootkitAnalytics. Download SpyDLLRemover 3.2 from RootkitAnalytics.com Quote
