
The creators of X-Cleaner are pleased to announce a new freeware product to help technical users regain control of their machines and to assist spyware researchers doing log analysis.

This tool is not meant to replace your standard anti-spyware scanner, but to serve as a diagnostic tool that helps identify questionable processes on a machine.

Introduction

Overheard conversation at the XBlock Systems office between Theo (IT Manager) and Arnold (Lead Developer) after watching the Lord of the Rings trilogy and battling the latest spyware variants.

Theo: "A great host, you say?"

Arnold: "More like several server farms and zombie networks, shoving spyware and adware down the lines."

Theo: "How many?"

Arnold: "Ten million strong at least."

Theo: "Ten-million?!"

Arnold: "It is an army bred for a single purpose: to destroy the world of PCs by plastering them with porn-popups, unwanted pharmacy offers, and mortgage pitches. They will be here faster than you can pirate the latest MP3."

Theo: "Let them come."

Theo: "I want every man and strong lad able to bear a compiler, to be ready for battle by next release."




What and why?

As the spyware versus anti-spyware battle rages on, we were looking for good tools that allow a user to examine the contents of his or her machine and to take corrective actions against questionable programs. An excellent candidate for this is "HijackThis" by Merijn, which is already in use by many "anti-spyware experts". We are big fans of Merijn's work, but we felt that HJT could be improved upon in some ways, and thus the idea for X-RayPc Spyware Process Analyzer was born.

We took the best aspects of the HJT concept and linked them up to the SpywareGuide database. The result is something like a systems management tool with a built-in expert system. :)

If you can't wait to try it out, jump straight to the download page. If not, read on. Please note that X-RayPC is not intended to replace your anti-spyware solution but to act as a useful research tool. Currently X-RayPC is free for non-commercial use.


Features

Functional

  • Lists active processes
  • Lists autostarting programs
  • Lists BHOs, Download Program Files, IE Extension plugins, etc...
  • Shows file size and MD5 of all files instantly
  • One-Click "Triage" : shows which items are "good", "bad" or "unknown"
  • Integrated file-uploader
  • Integrated deactivation and removal of an item or file
  • Can kill running processes (within the limits of the OS security model)
  • Can delete in-use files (after reboot)
  • Can export the log file in text form, Excel format and in HJT-compatible format
  • Detects hundreds of suspicious programs

Technical

  • Fully compiled Win32 executable
  • Single file download: No external runtimes, DLLs, libraries, ...
  • No install needed. No installer to mess with. Grab the executable and run it. Delete it when done.
  • Fast! Complete analysis of the system is done in a few seconds.


Benefits

Offline

X-RayPc Spyware Analyzer can be used as an interactive tool to examine a user's Windows environment and to investigate and correct system malfunctions. Logs can be saved and/or uploaded to message boards.

Online

It can also be used as a remote interactive support tool. Let's have a look at the schema.

Typical usage scenario

  1. A user has a problem with an infection, and cannot resolve it by himself or using an anti-malware scanner, so he contacts an "expert".
  2. The expert tells him to download and run X-RayPc.
  3. The user runs X-RayPc Spyware Remover, and uses the "Triage" system.
  4. X-RayPc Spyware Remover contacts the server and anonymously transmits the details of the items found on the user's PC. The server returns the "Known" or "Suspicious" status of "known" items and logs "unknowns".
  5. The user can remove the "suspicious" items immediately.
  6. If the problem is solved, the story ends here.
  7. The operator looks at the reports of the unknowns, and examines what they are. She uses her expertise and tools to determine the status of the item. If needed, an "automatic upload" can be initiated (with user consent) to obtain a copy of any mysterious file.
  8. The operator updates the "blacklist" or "whitelist" of items in the database via the web backend.
  9. The process restarts from number 3.

Important notes

  • If an item is already known by the server, zero operator action is needed
  • The operator only needs to examine each item once, so time can be spent processing new baddies, instead of looking at "coolwebsearch infection number 96.523"
  • Results of the operator operation are available in (near) real-time
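
The triage loop from the usage scenario above, as an added sketch that is not X-RayPC's own code. It assumes the transmitted "details" are the file's MD5 and size (the two values the feature list says the tool shows); `TriageServer`, `fingerprint` and `run_scenario` are hypothetical names, and the sample file contents are constructed.

```python
import hashlib

def fingerprint(data: bytes) -> tuple[str, int]:
    """Reduce a file to (MD5, size); no path or user name leaves the client."""
    # MD5 is not collision-resistant, so a verdict is only as strong as this key.
    return hashlib.md5(data).hexdigest(), len(data)

class TriageServer:
    """Hypothetical server side: verdict database plus a log of unknowns."""

    def __init__(self):
        self.verdicts = {}   # fingerprint -> "known" | "suspicious"
        self.unknowns = {}   # fingerprint -> number of reports received

    def triage(self, fingerprints):
        """Step 4: answer for listed items, log everything else as unknown."""
        report = {}
        for fp in fingerprints:
            verdict = self.verdicts.get(fp)
            if verdict is None:
                self.unknowns[fp] = self.unknowns.get(fp, 0) + 1
                verdict = "unknown"
            report[fp] = verdict
        return report

    def operator_update(self, fp, verdict):
        """Steps 7-8: the operator classifies a logged item, once."""
        if verdict not in ("known", "suspicious"):
            raise ValueError("verdict must be 'known' or 'suspicious'")
        self.verdicts[fp] = verdict
        self.unknowns.pop(fp, None)

def run_scenario():
    # Constructed placeholder contents, not real samples.
    trusted = fingerprint(b"constructed trusted binary")
    toolbar = fingerprint(b"constructed unwanted toolbar")
    server = TriageServer()
    server.operator_update(trusted, "known")

    first = server.triage([trusted, toolbar])   # user A: toolbar not yet listed
    server.triage([toolbar])                    # user B reports the same item
    queued = dict(server.unknowns)              # one log entry, two reports
    server.operator_update(toolbar, "suspicious")
    second = server.triage([trusted, toolbar])  # step 9: rerun the triage
    return first[toolbar], queued[toolbar], second[toolbar], len(server.unknowns)

if __name__ == "__main__":
    print(run_scenario())
```

Two users reporting the same unlisted file produce a single entry for the operator, and one operator verdict changes the answer for every later triage run.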

Important Caveat: Currently the known list of trusted processes is small, and we are increasing this database as time allows. If you are technically savvy and want to contribute to this effort, please contact us here. We are happy to work with anti-spyware experts or those knowledgeable about standard system processes.


 

© Copyright 2006, Actiance, Inc. All rights reserved.