Mike's Windoze Goodies

Installable Packages

• General Application Packages (password required)

System Configuration

• PC Setup (password required)

• Security Recommendations / Worm Clean-Up

• File / Printer Sharing

• Corrupted Icons/Fonts

• Windows Update Failures

• Canon Camera Connection Failures

Useful Tools

I have used/tested almost all of these.

• Packet sniffing tools:

  • Wireshark (needs WinPcap) [previously called Ethereal]
  • Wireshark Display Filter Guide (PDF)
  • TCPView (show open TCP/UDP sockets)

• Process monitoring tools:

  • Autoruns (system / user start-up configuration)
  • Process Explorer (files/DLLs)
  • Diskmon (file system activity)
  • Registry Usage (registry activity)
  • WinObj (object manager namespace)
  • Regshot (registry/system snapshot creator/comparator)
  • Othello Suspicious Program/Service Check (checks for valid code signatures from Certificate Authorities)
  • Port Reporter (logs TCP/UDP port activity; logs kept in 'C:\System32\LogFiles\PortReporter')
  • Windows Security Check (dumps lots of system info, process list, port list, executable files in memory) [ActiveX plug-in, works only with Internet Explorer]

• Malware/Adware/Spyware detection/removal tools:

  • Spybot - Search & Destroy (includes Tea-Timer real-time registry/configuration monitor)
  • Microsoft Security Essentials
  • Windows Defender (not needed if running Microsoft Security Essentials)
  • Microsoft Antispyware (obsolete - replaced by Windows Defender)
  • Bazooka Adware and Spyware Scanner
  • Ad-aware (personal use only)
  • ThreatFire (behaviour-based, not signature-based)
  • Primary Response SafeConnect (behaviour-based, not signature-based) (subscription only)
  • NovaShield Anti-Malware (behaviour-based, not signature-based) (subscription only)
  • Webroot Spy Sweeper (subscription only)
  • Trend Micro HouseCall (free on-line scanner)
  • Kaspersky (free on-line scanner)
  • Malwarebytes Anti-Malware
  • Vipre Antivirus + AntiMalware
  • Helios (malware detection system - still under development, so it is not recommended for use on a production system)
  • Microsoft Malware Removal Starter Kit
  • Find Malware On Your Windows Box Using The Command Line (covers the 'netstat', 'reg', 'dir', 'net users', 'localgroup administrators' and 'tasklist /svc' commands)

• Rootkit detection/removal tools:

  • Rootkit (Information, source code, executables)
  • Antirootkit (Information, prevention, detection, identification and removal)
  • Rootkit Detectors - InformationWeek

  • DarkSpy
  • F-Secure Blacklight
  • GMER
  • IceSword (Alternate site.)
  • KProcCheck
  • Process Magic (by WinEggDrop)
  • RKDetector
  • Trend Micro RootkitBuster
  • Winternals / Microsoft RootkitRevealer
  • Rootkit Shark
  • Rootkit Unhooker
  • System Virginity Verifier
  • UnHackMe
  • Windows Defender
  • Windows Malicious Software Removal Tool
  • Windows Strider GhostBuster Rootkit Detection

  NOTE: use of any of these tools can be dangerous to the stability of your system!

  I heard at a TASK presentation that 'F-Secure Blacklight', 'GMER', 'RootkitRevealer' and 'IceSword' seem to be the ones to try first; I believe they are all free. InformationWeek found Rootkit Unhooker to be the most comprehensive and powerful of the detectors they tested.

• Anti-Phishing Toolbars:

  • Netcraft (for IE, Firefox)
  • CoreStreet SpoofStick (for IE, Firefox)
  • GeoTrust TrustWatch (for IE only)

• Firewalls:

  • Zone Alarm (personal use only)

• Security Event Response:

  • Rapier (Rapid Assessment & Potential Incident Examination Report)

• Virus / Malware Scanning and Identification:

  • Virustotal
  • Jotti's Malware Scan

  I have not personally tested these, but they come highly recommended.

SANS has put together a list of tools in the following categories: frameworks (how one deploys the tools to the system), anti-virus, anti-spyware, anti-rootkit, backup, system analysis, malware analysis (a subset of system analysis tools focused to analyzing malware), network analysis, registry cleanup, remote support, patching, browser protection. Most of the tools are freely available.

Windows Info / Help Sites

• Personalize Your System With Windows XP

• Bart's Preinstalled Environment (PartPE) (build a bootable CD-ROM/DVD for PC maintenance/emergencies; described in InformationWeek article by Fred Langa)

• Windows Task List

• Windows XP Workshop Notes (University of Oregon)

• Kelly's Korner

• My Windows Info

• The Unix-Haters Handbook

• Lock Down A PC (on reboot, all changes to a system have disappeared; for Windows XP)

• Repair/Recovery CD-ROM / USB (for Windows XP)

• How To Survive The Worst PC Disasters (also has links to many fixes for PCs, network problems, general hints)

• SANS reports that some bots and other hacking tools are using this wordlist for password cracking attempts. It would be a good idea to feed this wordlist to your own cracker before the attackers do. Source.

• 7 Things Your Company's IT Department Doesn't Want You to Know (safe and legal ways to circumvent some companies restrictions on PC use)

• Blaster / Welchia Worm Response at U Connecticut

• EDUCAUSE SECURITY Archives -- July 2004 (#121) -- Security Incident Response Procedures -- Worm clean up procedure from Clyde Hoadley, Security & Disaster Recovery Coordinator, Metropolitan State College of Denver.

• Sircam Worm

• HTTP attacks - Code Red

• HTTP attacks - NIMDA

• Klez.* Worm - Removal Tool

Other Tools

NOTE: use at your own risk!

• 20 Tools To Get The Junk Off Your PC

• Revo Uninstaller

• jv16 Power Tools

• EasyCleaner

• CleanReg

• Clean Disk Security

• 10 Ways to Make Windows 98 Run Better

• 10 Ways to Make WinME Run Better

• sguide_tweak_98

• Diskeeper (disk defragmenter)

• MemTest86+ (memory tester)

• MemTest (memory tester)

• Microsoft Memory Diagnostic

Internet Explorer Security and Privacy Options

Computer Vendors

• Filtech Computers (439 Spadina Ave, Toronto, Canada M5T 2G6; 416-204-9904)
• OTA Computers (326 College St, Toronto, Canada M5T 1S3; 416-922-1177)
• Sonnam Computers (457 Spadina Ave, Toronto, Canada M5S 2G7; 416-598-0557)