

restore kaspersky backup file


Is there any way to "unpack" a Kaspersky backup file .klq? I'm looking for something like Symantec's qextract.exe to obtain samples, without restoring the file to the original computer. Thanks.

Open Source Command Line AV


Hi, I am looking for free open source Command Line Antivirus tools such as ClamAV. What free Command Line AV tools are out there?

Also, is it possible for ClamAV to return a more detailed report similar to Symantec (virus name, virus id, virus type, etc.)?

Autorun Manager (OSAM) - now with online malware scanner!



Some days ago we released a new version of our free utility - Online Solutions Autorun Manager (OSAM).

New features since the previous release are:
- Online Malware Scanner (now you can easily and quickly check your startup for malware using our online malware database)
- "Powerful" deletion of objects using a system driver

Here is an overview and download link.

I hope to find beta-testers for our software here and get some feedback and suggestions to improve it! If you have any questions, feel free to contact me.

Autorun Manager (OSAM) - utility which helps to find malware/rootkits at startup



We developed a free utility (Online Solutions Autorun Manager - OSAM) that helps to find malware/rootkits at a computer's startup. It may be very useful for malware analysts, helpers and other users.

Here is an overview and download link.

I hope to find beta-testers for our software here and get some feedback and suggestions to improve it! If you have any questions, feel free to contact me.

Trojan construction kit needed

I need a trojan construction kit which works on SP2, for research and a presentation.
Or a wrapper.
If anyone could help, I'd appreciate it.

Storm Worm Config file parser


I have written a small Perl script that will extract the IP addresses and port numbers from the Storm Worm configuration file. Right now this file can be found on an infected machine in the C:\windows directory and is currently named "aromis.config". This is a fairly simple script to run, and it can parse multiple files, as it accepts wildcard characters "*" and/or multiple filenames. If you're interested, here is a link to it: storm_config_decoder_pl. Feel free to contact me if you have any questions or comments.

A safer way to monitor Javascript in a web page

Recently Val asked me to look over an HTML file that contained encoded data that was decoded by JavaScript.

It sent me on a mission to find a way to redirect JavaScript output to a console rather than to a browser window.

As always, Firefox is your friend. I found this snippet on, tested it, and it works like a charm. Once you make the required changes to Firefox, just edit the hostile JavaScript, replacing "document.write()" with "dump()", and the output is sent to a console window.

Logging to the Standard Console

An alternative method of logging debug information is available through the standard console mechanism. Before this method can be used, several modifications to the browser must be made. First, we need to add a new browser preference. In the URL bar in Firefox, type about:config and press enter. Right click in the list control and select the New » Boolean menu item to create a new boolean preference. Give the preference a name of browser.dom.window.dump.enabled and set the value to true.

The next step is to add the "-console" command line parameter to your Firefox startup shortcut. Using this parameter will cause the standard output console window to appear each time you run Firefox. Once this has been done, and Firefox has been started, any output produced by the dump() function will appear in this console window. The dump() function works just like the standard JavaScript alert() function, so the syntax is similar.
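
The same idea without a browser, as an added example that is not part of the original post: a Node.js harness that runs a script with stand-in `document.write()` and `dump()` functions and returns whatever the script tried to write, including partial output when the script fails or loops. The names `captureWrites`, `SAMPLE` and `PARTIAL` are assumptions made for this example, and both sample scripts are constructed and benign.

```javascript
// Added example: collect document.write()/dump() output instead of rendering it.
// node:vm is NOT a security boundary; handle real samples only in a disposable VM.
const vm = require('node:vm');

function captureWrites(source, timeoutMs = 1000) {
  const chunks = [];
  const sink = (...args) => { chunks.push(args.map(String).join('')); };
  // Hypothetical minimal stand-ins for the browser objects the script expects.
  const sandbox = {
    dump: sink,
    document: {
      write: sink,
      writeln: (...args) => sink(...args, '\n'),
    },
  };
  vm.createContext(sandbox);
  let error = null;
  try {
    // The timeout stops decoders that spin forever or stall on purpose.
    vm.runInContext(source, sandbox, { timeout: timeoutMs });
  } catch (e) {
    // Keep what was written before the failure; it is often the decoded layer.
    error = String(e && e.message ? e.message : e);
  }
  return { output: chunks.join(''), error };
}

// Constructed sample: one layer of percent-encoding around an iframe tag.
const SAMPLE = [
  "var s = unescape('%3Ciframe%20src%3D%22http%3A//example.invalid/%22%3E%3C/iframe%3E');",
  'document.write(s);',
].join('\n');

// Constructed sample: writes one stage, then touches an object the harness lacks.
const PARTIAL = [
  "document.write('stage1');",
  "window.location = 'http://example.invalid/';",
  "document.write('never reached');",
].join('\n');

console.log(captureWrites(SAMPLE));
console.log(captureWrites(PARTIAL));
```

An error such as "window is not defined" shows which browser object the script needs next, so stand-ins can be added to the sandbox one at a time.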

.attach packer


Does anyone know of a good tool to unpack files that have a section .attach or ATTACH? It is used in sinowal/torpig and mebroot (that MBR rootkit).
Usually I run the files and dump them. When it's a .sys -> osrloader and RootkitUnhooker is my combination. But here is my problem: the .sys from mebroot.. I didn't manage to load it in osrloader.. that's why I'm asking if there is any tool. Or maybe a few tips on how to do it manually? :) TIA

Basic mIRC socket bot

Many people use mIRC bots in their IRC channels, some even use them for botnets, as I made the R2C bot. This bot is a socket bot which is very easy to use. Though, it will require a bit of mIRC script knowledge. The script is commented, and to make it easier to understand, I have put it on Pastebin to make it readable with colors.

I don't know what more to say, I just hope people will find this 'script' useful, and if there's anything you don't understand, or found a bug (which MIGHT be somewhere in the script, don't remember) let me know.

- Link to the script

Threat Expert - automated malware analysis


Hi Guys,

For quick win32 file (EXE and DLL) analysis, you may submit samples here

Sample report:

Hope this helps!

