BitDefender System Information 1.0.0.2

BitDefender System Information will scan the computer for known locations where malware resides and create a log that will later be sent to the BitDefender Support team.

This tool was developed with two things in mind. The first was that it should be user-friendly, and the second was to get as much information as possible in a relatively short time.

BitDefender System Information will collect the needed data immediately and create a log in the desired location.

Features

File Information:
The tool tries to get the essential information about every file that it comes across.

Process Enumeration:
BDSystemInfo gathers information about the processes running on the client’s system, along with each process's command line (this is very useful, especially when the running process is rundll32.exe). For each process listed we also enumerate the modules that the process loaded.

Layered stack providers Enumeration:
This information is useful for detecting malware that intercepts network traffic.

Network Configuration:
For every network card installed we retrieve information such as the IP address, DHCP server, subnet mask, default gateway and other settings specific to the network card. The tool also gathers information about the internet connections established from the machine (both TCP and UDP ports).

Driver Enumeration & Service Enumeration:
Information about every running driver in the system.

Internet Explorer Settings:
The current settings of Internet Explorer, such as the home page.

Browser Helper Objects:
This is useful when the user is infected with some kind of malware that injects itself into Internet Explorer (or Explorer), such as a hidden toolbar that will display ads.

Winlogon startup:
BitDefender System Info lists the paths of the modules that are loaded when the user logs into Windows.

Various Run Places:
The tool enumerates every process that starts when the user logs on to Windows.

Hidden process enumeration:
We have a simple but efficient trick to test if a process is hidden. It doesn't work every time, but we had good results using this method.

Autorun File Enumeration:
The tool lists the name and the content of every autorun.inf file located in the root of a partition (for example, C:\autorun.inf).

Scheduled Tasks:
BitDefender System Info enumerates every job that is scheduled on the user’s computer.

Redirected Programs:
In Microsoft Windows you can set a program to be executed instead of another (even though the user intends to execute a specific program). The tool displays the redirected program and the path to which it is redirected.

Policy Settings:
The tool displays the policy settings set by an administrator. This is useful especially when malware disables taskmgr or regedit.

Winlogon Settings:
These are settings specific to winlogon. The most interesting values displayed in this section are the shell and userinit values.

Addresses from etc\hosts:
This is the section where every line from the drivers\etc\hosts file is displayed.

Firewall Exceptions:
In this section you can find information about the files that are excepted from the Windows Firewall (this works best for Trojan Downloaders).

Enumerate Hidden Programs:
The tool tries to get information about any program that is hidden from the user.

Enumerate Program Files:
The tool recursively enumerates every directory in the Program Files folder, including information about any executable file that it finds during the enumeration. We have used this information in order to find Rogue AV software installed on clients' computers.

Enumerate Installed Programs:
Some adware or rogue AV software installs itself as a legitimate program using Windows Installer. You can search for it in the list of installed programs (this is the same information the user sees when they go to Add/Remove Programs).

Other Security Settings:
This is the section where we included any additional information that couldn’t be included in any section listed above. For the moment, we only display here the data from the values that are used to redirect every executable file.

Enum Streams from Windows Dir:
As the name suggests, this section is used to display the path of any streams that run in the Windows directory.
