SpyDllRemover : Spyware DLL Analysis and Removal Tool | www.SecurityXploded.com
 
 
SpyDllRemover
About SpyDllRemover
SpyDllRemover is a specialized tool for detecting spyware and hidden rootkit DLLs in the system. It can also detect and remove user-land rootkit processes, as well as other spyware processes, using multiple user-land rootkit detection algorithms coupled with in-house process heuristics. This makes it a generic tool for detecting and removing known as well as unknown threats, unlike traditional antivirus software, which can detect only known threats.
One of the unique features of SpyDllRemover is its ability to completely remove spyware/rootkit DLLs from any running process across session boundaries using its 'Advanced Dll Ejection Method'. SpyDllRemover uses low-level (user-land) anti-rootkit techniques designed to defeat the tricks such rootkits use to evade detection and removal.

SpyDllRemover uses a differential color-coding scheme to represent each threat level, which makes it easy to analyze and quickly differentiate between the various threats. It also has an 'Online Threat Verification' mechanism, coupled with third-party application integration, to help in deeper analysis of all identified threats. With the 'Dll Search' feature, one can quickly find all running processes that have loaded a suspicious DLL. Its advanced report generation helps in taking a quick snapshot of the system (with all running processes and DLLs) and passing it on to a specialist for further analysis.

Though this tool is useful to novice users, it is mainly designed to help analysts uncover spyware elements that are missed by antivirus software. So this tool can also be used alongside traditional antivirus software to effectively detect and protect against known as well as unknown threats. In addition, to protect your computer from identity theft (learn identity theft facts at lifelock.com), a strong firewall and strong passwords are highly recommended to protect your computer from being hacked.

 
SpyDllRemover is fully portable software that can be run directly from anywhere without installing it locally. It works on a wide range of platforms, from Windows XP to the latest operating system, Windows 7.
 
 
 
Features of SpyDllRemover
Here are some of the special and unique features of SpyDllRemover.
  • Advanced Spyware Scanner that can effectively detect hidden user-land rootkit processes as well as suspicious/injected DLLs within all running processes in the system.

  • Detection and removal of hidden user-land rootkit processes using sophisticated techniques such as
    • Direct NT System Call implementation
    • Process ID Brute Force method (PIDB), as first used by BlackLight
    • CSRSS Process Handle Enumeration method

  • State-of-the-art technique for completely removing an injected DLL from a remote process across session boundaries using the 'Advanced DLL Ejection' method. This is one of the unique features found only in SpyDllRemover.

  • Sophisticated auto analysis based on DLL and process heuristics to help in the identification of known as well as unknown threats.

  • Color-based threat representation for clear and easier analysis of the various types of threats.

  • Advanced 'Online Threat Verification' of suspicious elements using VirusTotal, ThreatExpert, ProcessLibrary and Google Search to help in easier threat analysis.

  • Direct interface with process- and file-specific operations to defeat smart tricks by user-land rootkits.

  • Integration of third-party applications for extended analysis of a suspicious process or DLL.

  • Intelli-Refresh of active processes shown in the 'Process Viewer' provides a flicker-free and smoother user experience.

  • 'DLL Tracer' feature to search for a suspicious DLL within all running processes using a partial or full name.

  • 'Scan Settings' and 'General Options' dialogs to customize the entire operation based on one's needs.

  • 'Right Click Menu' integration for quick actions.

  • Advanced report generation for offline as well as remote investigation by a third party.

  • Displays detailed information about all running processes and loaded DLLs for detailed analysis.

  • Completely portable tool that can be run from anywhere.
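The 'Process ID Brute Force' (PIDB) entry in the list above is a cross-view check: a user-land rootkit usually hides a process by hooking the enumeration API, but a direct OpenProcess on every possible PID still succeeds for the hidden one. The script below is an added illustration of that idea for Windows PowerShell 5.1 or later; it is not SpyDllRemover's code, and the function name Get-HiddenProcessIds and the 65535 PID ceiling are assumptions of this example.

```powershell
# Added example of the PIDB cross-view technique (not SpyDllRemover's own code).
$Signature = @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint dwDesiredAccess, bool bInheritHandle, uint dwProcessId);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@
$Kernel32 = Add-Type -MemberDefinition $Signature -Name 'NativeMethods' -Namespace 'CrossView' -PassThru

# PROCESS_QUERY_LIMITED_INFORMATION succeeds for most processes without debug privilege;
# we only care whether the PID exists, not what we can do with the handle.
$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
$ERROR_INVALID_PARAMETER = 87   # OpenProcess error code for "no such process"

function Get-HiddenProcessIds {
    # Assumption of this example: PIDs above 65535 are not checked; raise if your system assigns higher ones.
    param([int]$MaxPid = 65535)

    # View 1: the normal enumeration API, the view a user-land rootkit typically tampers with.
    $listed = @{}
    Get-Process | ForEach-Object { $listed[[int]$_.Id] = $true }

    # View 2: brute force every candidate PID (PIDs are multiples of 4) through OpenProcess.
    $hidden = @()
    for ($id = 4; $id -le $MaxPid; $id += 4) {
        $h = $Kernel32::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, [uint32]$id)
        if ($h -ne [IntPtr]::Zero) {
            [void]$Kernel32::CloseHandle($h)
            $exists = $true
        } else {
            # Access denied still proves the PID exists; only ERROR_INVALID_PARAMETER means "no such process".
            $exists = ([Runtime.InteropServices.Marshal]::GetLastWin32Error() -ne $ERROR_INVALID_PARAMETER)
        }
        if ($exists -and -not $listed.ContainsKey([int]$id)) { $hidden += $id }
    }
    return $hidden
}

# A process that starts or exits between the two views is a false positive: re-check before acting.
# A rootkit that also hooks OpenProcess inside this process would evade the check, which is why the
# feature list pairs PIDB with direct NT system calls.
Get-HiddenProcessIds | ForEach-Object { "Possible hidden process, PID $_" }
```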

 
 
Internals of SpyDLLRemover
Unlike most anti-virus solutions and detection tools, which use outdated signature-based methods, SpyDLLRemover uses heuristics-based techniques to detect the latest threats as they emerge. In addition, it uses generic rootkit detection techniques that help in uncovering most user-land rootkits.

Here are some technical articles that throw light on how rootkits operate under the hood and on their detection methods:
 
 
Installing SpyDllRemover
Though SpyDllRemover is a portable tool, it comes with an installer so that you can install it locally on your system for regular use. The installer has an intuitive wizard (shown in the screenshot below) that guides you through the series of steps needed to complete the installation. At any point you can use the uninstaller to remove the software from the system.
 
[Screenshot: SpyDllRemover Installer]
 
 
 
Video Demonstration of SpyDllRemover
Here is a video demonstration of various use cases of SpyDllRemover.
 
Video 1: SpyDllRemover detecting and removing the hidden user-land rootkit HxDef.exe
 
 
 
 
 
SpyDllRemover Screenshots
Here are the screenshots of SpyDllRemover, which demonstrate its effectiveness in the detection and removal of user-land rootkits, suspicious DLLs and other spyware.
 
Screenshot 1: SpyDllRemover detecting the HxDef user-land rootkit process and the malicious DLL injected by the Vanquish rootkit, along with other suspicious DLLs.
 
SpyDllRemover Scanner Screen
 
 
Screenshot 2: SpyDllRemover's 'Process Viewer' showing hidden DLLs injected by the Vanquish rootkit into the process cmd.exe.
 
SpyDllRemover showing the new Scan Settings
 
 
Screenshot 3: SpyDllRemover showcasing the Search feature, which helps in finding suspicious DLLs in all running processes. It also shows the new 'Right Click Menu' for quick actions.
 
SpyDllRemover - Searching for Spy Dlls
 
 
Screenshot 4: Online Threat Verification of the HxDef rootkit using VirusTotal.com.
 
Online Threat Verification using VirusTotal
 
 
Screenshot 5: 'General Options' dialog to customize all global settings.
 
SpyDllRemover - General Options
 
 
Screenshot 6: Advanced 'Spyware Scanner Report' generated by SpyDllRemover.
 
SpyDllRemover - Advanced Scanner Report
 
 
 
SpyDllRemover - FAQ
Here are some of the 'Frequently Asked Questions' about SpyDllRemover. Since the first release of SpyDllRemover we have received a number of very common questions from users, and it has been difficult to address every user individually. So we have decided to put them all together here in one place to make it easier for everyone.
 
1. Color, color, what color?
SpyDllRemover uses a predefined set of color codes for easier interpretation of threat levels. Here are the details:
  • RED:
    • Level => [High Risk] Dangerous
    • Description => Hidden rootkit/spyware
    • Action => Remove_Dll / Kill_Process

  • Orange:
    • Level => [Medium Risk] Suspicious
    • Description => Suspicious rootkit/spyware
    • Action => Check_Online, then Remove_Dll / Kill_Process / Contact_Us

  • Yellow:
    • Level => [Low Risk] Analysis
    • Description => Needs further analysis; it may be a spyware element
    • Action => Check_Online, then Remove_Dll / Kill_Process

  • Green:
    • Level => Good
    • Description => System process / legitimate third-party process
    • Action => Nothing

  • No Color:
    • Level => Normal
    • Description => Normal process/DLL
    • Action => Nothing

 
2. On 64-bit systems, why am I not able to see the DLLs for certain processes?
SpyDllRemover is a 32-bit application, hence it does not work fully on 64-bit systems. However, it provides partial support when running on 64-bit systems: it will not be able to display the DLLs or perform certain actions for 64-bit processes, but it works well with 32-bit processes (on 64-bit systems).

Complete support for 64-bit systems will be added in upcoming versions.
 
 
3. My firewall alerted me that SpyDllRemover is trying to connect to address *.*.*.* on port 80. What should I do?
When you launch SpyDllRemover, it tries to connect to our website to check whether a newer version of SpyDllRemover is available. If you do not want to receive updates about new versions, you can disallow it. Other than this, SpyDllRemover does not perform any form of network activity.
 
 
4. I saw network traces from SpyDllRemover when I launched it. Is this intended?
Please read FAQ 3.
 
 
5. I am running SpyDllRemover as a normal user (not administrator) and I am not able to access some of the processes/DLLs. Why?
When you run SpyDllRemover as a normal user, you will not be able to access system processes or processes belonging to other users. For full access (Vista/Win7), run SpyDllRemover as Administrator: right-click SpyDllRemover.exe and select 'Run as Administrator'.
 
 
6. Looks like I found a bug. What do I do now?
That's a good thing you have done lately :) We are in fact waiting for them. Send them to us with all possible information.
 
 
7. I did not find what I am looking for here. What do I do now?
We have listed the most common FAQs here. For others, please contact us.
 
 
 
Testimonials for SpyDllRemover
SpyDllRemover has received some great testimonials from elite customers who have been using this tool widely in their IT administration.
 
Here is the testimonial from Lucas Rodriguez, President of Chip Computer Stores, Inc
 
 
For more details, refer to our post 'Great Testimonials for SpyDllRemover'.
 
 
 
Acknowledgement
I am thankful to my brother Raghuveer for designing the highly creative banner for SpyDllRemover on short notice. My kind regards to EF for pushing me to finish it in style, only to realize my potential.

Special thanks to all the beta testers who have put their time & energy in testing as well as sending suggestions/bug reports.
 
 
 
Release History
Version 4.5:  26th Feb 2011
Support for an installer, an enhanced user interface with a new banner, and other bug fixes.
 
Version 4.0:  2nd Oct 2010
The next big version of SpyDllRemover, with the following features: enhanced threat verification with VirusTotal, ThreatExpert, ProcessLibrary and Google Search; improved auto analysis; addition of process-based heuristics for detecting spyware; advanced report generation; right-click menu integration for quick actions; a resizable window for easier analysis; direct interface with the CreateFile/TerminateProcess functions to bypass all user-land hooks; and integration of a feature to check for new updates automatically.
 
Version 3.2:  8th Feb 2010
Support for malicious DLL removal from system processes across session boundaries, overcoming the limitations imposed in Vista/Win7.
 
Version 3.0:  30th Nov 2009
This version extends support to Microsoft's new operating system, Windows 7. Along with this, it introduces the 'Scan Settings' option to allow the user to fine-tune the scanning operation. It also presents other new features such as improved heuristic analysis, an enriched user interface, Intelli-Refresh of the 'Process Viewer', etc.
 
Version 2.5: 12th July 2009
Next major version of SpyDllRemover, with the 'DLL Tracer' feature to quickly search for a DLL within all running processes. It also includes an improved user interface and major bug fixes.
 
Version 2.0.1:  30th May 2009
Second version of SpyDllRemover, with enriched features such as spyware scanning of the system, improved DLL auto analysis, an enhanced GUI, HTML-based report generation of the spyware scanning result as well as the process/DLL list, an advanced technique for removal of an injected DLL from all loaded processes, and sorting of processes/DLLs by various parameters for easier and quicker identification.
 
Version 1.0.1: 14th Mar 2009
First public release of SpyDllRemover.
 
 
 
Download SpyDllRemover
 
SpyDllRemover 4.5

License  : Freeware
Platform : Windows XP, 2003, Vista, Win7
