Vba32 AntiRootkit

Vba32 AntiRootkit is an advanced rootkit scanner from VirusBlockAda. This free scanner searches for kernel-mode rootkits, suspicious autoruns, and hidden processes. VBA AntiRootkit is an advanced tool because it does not perform an automatic scan and removal. Instead, it displays any possible issues, and you then have to decide how to act on them. This tool is therefore only recommended for advanced users who can understand the information the program displays and determine whether or not it indicates a malware presence on the computer.

VBA AntiRootkit also contains a basic scripting language that allows you, or helpers on forums, to create scripts for the removal of any rootkits or suspicious programs this scanner may discover. To run a script, click on the File menu and then select Run Script. You will then be presented with a screen where you can write or paste in a script that will be used to remove files found by VBA AntiRootkit.

Scripts can use one of the following functions:

  • Brs_Start() – Enables low-level file access when using the script. This is an important technique as it has a better chance of removing rootkit files.
  • Brs_QtnFile() – Copies the specified file to the quarantine location you specify. This will be performed after rebooting.
  • Brs_DelFile() – Deletes the file you specify between the parentheses. This deletion will occur after rebooting.
  • RebootSystem() – Reboots the computer.
  • CollectState() – Collects a variety of system information and saves it to the Vba32ArkitLog.zip file. This file will be located in the same folder that the VBA AntiRootkit executable was run from.

An example script based upon the information found in the screenshots would be:

Brs_Start();
Brs_QtnFile("C:\Windows\System32\drivers\57198056.sys");
Brs_DelFile("C:\Windows\System32\drivers\57198056.sys");
RebootSystem();

Please note that the above script is just an example; a real script could be, and probably will be, much more involved.
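Because removal scripts are often pasted in from someone else, it helps to review one before selecting Run Script. The Python sketch below is an added example, not part of Vba32 AntiRootkit or its documentation: it checks a pasted script against the five functions listed above. The statement syntax is inferred from the example script, and the ordering rules (Brs_Start first, quarantine before delete, nothing after RebootSystem) are a review policy assumed here, not requirements stated by the tool.

```python
import re

# Function names documented on this page. Whether each takes a path argument
# is an assumption inferred from the page's descriptions and example script.
KNOWN = {"Brs_Start": False, "Brs_QtnFile": True, "Brs_DelFile": True,
         "RebootSystem": False, "CollectState": False}
# Statement shape assumed from the page's example: Name("path"); or Name();
CALL = re.compile(r'^(\w+)\((?:"([^"]*)")?\);$')

def review_script(text):
    """Return a list of findings for a pasted script; empty means none found."""
    findings, started, rebooted, quarantined = [], False, False, set()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = CALL.match(line)
        if not m or m.group(1) not in KNOWN:
            findings.append(f"line {n}: not a documented call: {line}")
            continue
        name, path = m.groups()
        if rebooted:
            findings.append(f"line {n}: {name} appears after RebootSystem")
        if KNOWN[name] != (path is not None):
            findings.append(f"line {n}: {name} has an unexpected argument list")
            continue
        if name == "Brs_Start":
            started = True
        elif name == "RebootSystem":
            rebooted = True
        elif path is not None:
            if not started:
                findings.append(f"line {n}: {name} used before Brs_Start")
            key = path.lower()  # Windows paths compare case-insensitively
            if name == "Brs_QtnFile":
                quarantined.add(key)
            elif key not in quarantined:
                findings.append(f"line {n}: {path} deleted without a quarantine copy")
    return findings

# PAGE_EXAMPLE is the script shown on this page; RISKY is constructed.
PAGE_EXAMPLE = r'''Brs_Start();
Brs_QtnFile("C:\Windows\System32\drivers\57198056.sys");
Brs_DelFile("C:\Windows\System32\drivers\57198056.sys");
RebootSystem();'''
RISKY = r'''Brs_DelFile("C:\Windows\System32\drivers\example.sys");
RebootSystem();
CollectState();'''

if __name__ == "__main__":
    for finding in review_script(RISKY):
        print(finding)
```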

A user guide for this program can be found at the following URL: ftp://anti-virus.by/pub/docs/english/vba32arkiten.chm.