12 июн. 2012 г.

xCore Beta 2012 testing

Today while surfing a well-known Russian IT-security forum, I found out that xCore AntiVirus, an antivirus toolkit which was developed in 2009 by two (?) guys and then not developed any more, has been reabilitated in January 2012. This project even became open-source, but now it has been taken by stopmalware.kz team who have some other usefull tools, maybe I’ll write more about them one day.
It is something like a small antivirus + some of the functions of AVZ by Oleg Zaytsev.
It was tested under Win 7 (no SP). Running in Win XP SP 2 compatibility mode doesn’t help to avoid the following bugs.
The core was completely remade on 10/03/2010 by old developers (beta 2.0) and now lots of new things have been added, but, unfortunately, the interface leaves the same (it isn’t an impotrant point at all, you do understand it if you’re an a bit advanced user).
Found bugs:
1. Database checking cannot be stopped while processing
2. If a scan was ran the virus database checking is performed and nothing else happens (may be sth is really checked but the uder isn’t informed)
3. The update doesn’t work: if to open xUpdate.exe than an icon in the tray appears but notning happens and it has no context menu
1-noupdate
4. The window cannot be neither closed neither something else. If the operation is complete, the ‘stop’ button is still active
2
I had to use Windows Task Manager to close scanners and ti terminate xupdate.exe proccesses.
Files and what they run:
scanwin.exe: cmd.exe (nothing happens) + database checking
xtest.exe: just the cmd is opened a closed (seems to be an application for using under cmd). A virus test file (if to run under cmd)
ureg.exe: the same as xtest.exe but the was a text in the opened & closed windows command line
reg.bat: the same. Used for regestering in the contextual menu (manually)
RegShell.exe: nothing (maybe registering ‘scan by xCore’ to the contextual menu)
xAsSystem.exe: seems to have a GUI, but again nothing happens. Is responsible for running scaner with System privileges (it it’s not said how to use it)
ASERreport.txt: the log, where everything you see in the window of the scanner is saved
xScanner.exe: Oh, the only running file with GUI working! Of course, while scanning it has the same bugs (does it scan anything?). But before starting scanner you may use some interesting tools, such as: opened ports viewer, Process, Autorun Managers, Settings, report (ASERreport.txt) opening. And opening some system tools, such as regedit, cmd etc.
Also a tool that lets you see MD5 of a chosen file and another toll to check if a file is registered in Microsoft’s clean files database. The bad point of md5 viewer is that it it doesn’t let you copy the result.
Working from the list above: opening system tools, MD5 and Microsoft. So everything from ‘File” menu works, nothing works from “tools”. Everything is OK with ‘Help’, but a local help file doesn’t exist. Whati liked is that cmd was ran from the folder of the program.
=================
So, it’s a tool, thar doesn’t work properly under Windows 7. The developers say it was tested under XP and verything was OK.
But it seems to be a good project (already with a long & cruel history :-)) and the toolkit seems to have lots of useful features.
I would recommend to the developers to, first of all, make a web-site and, secondly, give a fluent and detailed description how to use their beta. I can help :-)
At the moment of writing this post their website made under this toolkit had no content. Download xCore Beta 2012. If it runs on your system, please, let us know about it in comments. Attention! It is in Russian smile[1]

Комментариев нет:

Отправить комментарий