AVG False Positive: 7zFM.exe/Pakes.DCZ
Posted by Odis in News and Updates on April 1st, 2009
For those few who are testing or using the toolkit already, and who happen to use AVG Anti-Virus, AVG is now reporting a false positive on the file 7zFM.exe, located in the \PortableApps\7-ZipPortable\App\7-Zip folder in the toolkit.
AVG Anti-Virus Network Edition
Version: 8.5.285
Virus DB: 270.11.35/2034
The file was checked with ClamWin Portable, http://www.virustotal.com/ and http://www.kaspersky.com/scanforvirus, all of which reported the file clean***. In order to use 7-Zip, you will have to add the directory to the exception path list for the resident shield in AVG.
The file has been submitted to AVG as a false positive.
***On VirusTotal.com, 2 of 40 engines flagged the file:
-AVG reports Pakes.DCZ (same program version as my local system)
-eSafe scanner reported a “Suspicious File”
Update April 3rd, 2009:
I received an email from AVG this morning:
AVG Anti-virus Research Lab has analyzed the file(s) you have sent from your AVG Virus Vault. Below you can find the results for each file. The final verdict on the file is either a correct detection or a false positive detection.
Further information about the verdicts are available at our website:
http://www.avg.com/faq-1184
“\PortableApps\7-ZipPortable\App\7-Zip\7zFM.exe” - false alarm
Best regards,
AVG Technical Support
website: http://www.avg.com
April 1st, 2009 Virus Outbreak / Conficker
Posted by Odis in News and Updates on March 31st, 2009
One of the purposes of this toolkit is to be able to scan/repair an infected system from viruses, trojans, and malware. As such, one of the tools included is ClamWin Portable.
The good news is that ClamWin Portable is capable of detecting and removing the Conficker worm that is supposed to become active April 1st, 2009.
ClamAV detects Downadup, also known as Conficker, as Worm.Downadup. Once on a system it downloads components that ClamAV detects as members of the Trojan.Downloader- family of signatures.
A few things to note
- The worm spreads through USB drives (via autorun), as well as over the network through open shares and the MS08-067 vulnerability. If using the toolkit on an infected system, make sure to scan the USB drive containing the toolkit as well.
- If using ClamWin for the first time, the latest virus database will need to be downloaded. Conficker blocks access to many security vendors' sites, which may prevent ClamWin from updating. If you have not updated or run ClamWin Portable, it is recommended that you run it on a clean system and obtain the latest virus definitions before scanning and repairing an infected system.
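As an added check (example code, not part of the original post or of the ClamWin project), the script below triages clamscan-style log lines of the kind ClamWin writes: it groups detections by signature family (Worm.Downadup, Trojan.Downloader-...), cross-checks the parsed hits against the summary count so a scan that died part-way is noticed, and confirms that the USB drive holding the toolkit actually appeared in the scan. The log lines, paths and the drive letter E: are constructed placeholders; the `path: Signature FOUND` / `path: OK` line format and the `Infected files:` summary line are assumed from clamscan's output.

```python
import re
from collections import defaultdict

# Constructed clamscan-style log (not a real scan): one line per file,
# "<path>: <Signature> FOUND" for detections and "<path>: OK" for clean files,
# followed by the summary block. Signature suffixes and paths are placeholders.
SAMPLE_LOG = "\n".join([
    r"C:\WINDOWS\system32\sample.dll: Worm.Downadup FOUND",
    r"C:\WINDOWS\system32\kernel32.dll: OK",
    r"C:\Documents and Settings\user\Local Settings\Temp\x.tmp: Trojan.Downloader-sample FOUND",
    r"E:\PortableApps\7-ZipPortable\App\7-Zip\7zFM.exe: OK",
    r"E:\Temp\dropped.exe: Worm.Downadup-1 FOUND",
    "",
    "----------- SCAN SUMMARY -----------",
    "Known viruses: 530000",
    "Scanned files: 5",
    "Infected files: 3",
])

DETECTION_RE = re.compile(r"^(?P<path>.+?): (?P<sig>\S+) FOUND$")


def parse_detections(log):
    """Return [(path, signature), ...] for every FOUND line, in log order."""
    hits = []
    for line in log.splitlines():
        m = DETECTION_RE.match(line.rstrip())
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits


def family(signature):
    """Strip the variant suffix: 'Worm.Downadup-1' -> 'Worm.Downadup'."""
    return signature.split("-", 1)[0]


def group_by_family(hits):
    """Map signature family -> list of infected paths."""
    groups = defaultdict(list)
    for path, sig in hits:
        groups[family(sig)].append(path)
    return dict(groups)


def conficker_indicators(hits):
    """Flags for the two families the post says ClamAV uses for Conficker."""
    fams = {family(sig) for _, sig in hits}
    return {"worm": "Worm.Downadup" in fams, "downloader": "Trojan.Downloader" in fams}


def summary_infected(log):
    """Infected-file count from the summary block, or None if it is missing
    (for example when the scan was killed before it finished)."""
    m = re.search(r"^Infected files: (\d+)$", log, re.MULTILINE)
    return int(m.group(1)) if m else None


def drive_was_scanned(log, drive):
    """True if any scanned path sits on the given drive, e.g. the toolkit's USB stick."""
    prefix = drive.rstrip("\\").upper() + "\\"
    return any(line.upper().startswith(prefix) for line in log.splitlines())


def triage(log, toolkit_drive="E:"):
    """Summarise one scan log; toolkit_drive is the letter the USB stick got."""
    hits = parse_detections(log)
    return {
        "families": group_by_family(hits),
        "conficker": conficker_indicators(hits),
        "count_matches_summary": summary_infected(log) == len(hits),
        "toolkit_drive_scanned": drive_was_scanned(log, toolkit_drive),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

Run it against a saved ClamWin log instead of `SAMPLE_LOG` and pass the drive letter the stick was mounted as; a `count_matches_summary` of False or `toolkit_drive_scanned` of False means the scan should be repeated before trusting it.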
V0.5 Release
Posted by ECC in News and Updates on March 27th, 2009
Hi everybody.
We are happy to release V0.5 of the PAT4W. (1000.6 MB unpacked, 409 MB download)
The programs we have added are:
- Paragon Partition Manager
- RealVNC Viewer
- Filezilla Portable
- all of the Nirsoft password tools**
- and GRC freeware utilities.
The menu was also tweaked and re-organized.
Please feel free to post your requests and opinions regarding the toolkit in the comments section of this post.
**Warning: Some programs will be flagged by anti-virus software as hack software (nirsoft password viewers). This is normal as they are technically “hack tools”. There will be an option to download future versions with or without these utilities.**
Compression Formats Compared
Posted by Odis in News and Updates on March 26th, 2009
In preparation to release version 0.5 (which has grown to a whopping 979 MB), I decided to find the best compression format for our toolkit. I normally use 7-Zip and WinRAR, but wanted to find out which of those two was better, and how they compared to other compression and archiving formats.
After looking around on Google for different compression and archiving formats, here is what I’ll be testing: 7-zip, ace, bzip2, gzip, lpaq8, rar, uha and zip. The bzip2, gzip and lpaq8 formats compress only a single file, so the toolkit has to be archived into a .tar first. To get a full comparison, I ran all of the other formats on that tar archive as well.
Settings Used for each Compression Format
| Compression | 7zip | ace | bzip2 | gzip | lpaq8 | rar | uha | zip |
|---|---|---|---|---|---|---|---|---|
| Program | 7-Zip | WinAce | Peazip | Peazip | Peazip | Winrar | WinUHA | Winrar |
| Version | 4.65 | 2.69 | 2.1 | 2.1 | 2.1 | 3.80 | 2.0 RC1 | 2.1 |
| In Toolkit? | yes | no | yes | yes | yes | no | no | no |
| Compression Level | Ultra | Maximum | Ultra | Ultra | 9 | Best | - | Best |
| Passes | - | - | 7 | 10 | - | - | - | - |
| Compression Method | LZMA | - | - | - | - | - | ALZ-3 | - |
| Dictionary Size | 64MB | 1024K | 900KB | 32KB | - | 4096KB | 4096KB | - |
| Word Size | 64 | - | - | 128 | - | - | - | - |
| Other Options | - | Ace 2.0 compression enabled | - | - | - | Disabled 64-bit executable (Itanium) Compression | - | - |
File Details
The files being compressed have a total size of 1,026,692,529 bytes. The toolkit is comprised of close to 200 programs, some command-line and some Win32 executables, as well as the DLLs and text documentation that accompany each program. Many of the portable applications are already UPX’ed to save space, which makes them harder to re-compress. The .tar archive created using PeaZip Portable 2.1 is 1,041,943,040 bytes (101.49% of the files’ actual size).
Testing Methods
The testing methodology was pretty simple: run each compression program above on the tar archive, as well as on the files and folders directly when possible, grab the resulting file size (from Windows Explorer) and calculate the compression ratio. Since I’m concerned only with the overall result, I used the total size of the original files and folders as the denominator every time, including for the .tar.* variants. Because the tar archive is slightly larger than the files themselves, that ratio is not the pure compression ratio of the format; it is the final ratio of files on disk after archiving plus compression.
I’m not overly concerned with the time it takes as most dual core machines should handle this quite easily, so I ran them in the background doing 3 or 4 at a time.
Note: I ran into problems using UHA compression on the files and folders directly. It gave errors on a specific file included with the Icon Sushi program in the toolkit. Because of that, there are no results for UHA compression of the files directly, just of the tar.
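To make the methodology concrete, here is an added example (not the post’s own tooling, which used 7-Zip, WinRAR, WinAce, PeaZip and WinUHA) that repeats the procedure with Python’s standard-library compressors: tar a constructed set of files in memory, compress the tar with gzip, bzip2 and xz (LZMA, the same method 7-Zip used), and report every ratio against the original files’ total size rather than the tar’s size, exactly as the table below does. The sample files (two text files plus one block of pseudo-random bytes standing in for an already UPX-packed executable) are constructed; `ratio_pct` reproduces the post’s own figures, e.g. 425,447,693 bytes over 1,026,692,529 gives 41.44%.

```python
import bz2
import gzip
import io
import lzma
import random
import tarfile


def build_sample_files(seed=1234):
    """Constructed stand-in for the toolkit: two compressible text files and one
    block of pseudo-random bytes that behaves like an already UPX-packed executable."""
    rng = random.Random(seed)
    return {
        "README.txt": ("PAT4W portable toolkit readme line.\n" * 2000).encode(),
        "Tool/Tool.ini": ("[Settings]\nLanguage=en\nPortable=1\n" * 500).encode(),
        "Tool/Tool.exe": bytes(rng.getrandbits(8) for _ in range(64 * 1024)),
    }


def total_size(files):
    """Size of the files 'on disk', the denominator the post uses for every ratio."""
    return sum(len(data) for data in files.values())


def make_tar(files):
    """Plain (uncompressed) tar of the files, as PeaZip produced for the post.
    Per-member 512-byte headers and block padding make it larger than the input."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Highest settings of each stdlib compressor; xz is LZMA, the method 7-Zip used.
COMPRESSORS = {
    ".tar.gz": lambda b: gzip.compress(b, compresslevel=9),
    ".tar.bz2": lambda b: bz2.compress(b, compresslevel=9),
    ".tar.xz": lambda b: lzma.compress(b, preset=9 | lzma.PRESET_EXTREME),
}


def ratio_pct(compressed_size, original_size):
    """Compression ratio as the post defines it: output size divided by the
    original files' total size (never by the tar size), in percent, 2 decimals."""
    return round(100.0 * compressed_size / original_size, 2)


def compare(files):
    """Return {format: ratio%} for the bare tar and for each compressed tar."""
    original = total_size(files)
    tar_bytes = make_tar(files)
    results = {".tar": ratio_pct(len(tar_bytes), original)}
    for ext, compress in COMPRESSORS.items():
        results[ext] = ratio_pct(len(compress(tar_bytes)), original)
    return results


if __name__ == "__main__":
    sample = build_sample_files()
    print(f"original: {total_size(sample):,} bytes")
    for ext, pct in sorted(compare(sample).items(), key=lambda kv: kv[1]):
        print(f"{ext:9s} {pct:7.2f}%")
```

Because the random 64 KB file dominates the sample, every ratio lands close to the incompressible floor; swap `build_sample_files` for a walk over a real directory to reproduce the post’s numbers for your own toolkit, and keep using the on-disk total as the denominator so the tar overhead is counted the same way.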
| Compression Format | Size (in bytes) | Compression ratio (%) |
|---|---|---|
| .tar.lpaq8 | 425,447,693 | 41.44% |
| .7z | 428,686,406 | 41.75% |
| .tar.7z | 443,436,613 | 43.19% |
| .tar.uha | 468,876,301 | 45.67% |
| .tar.ace | 478,156,078 | 46.57% |
| .ace | 479,530,867 | 46.71% |
| .tar.rar | 479,790,907 | 46.73% |
| .rar | 511,837,957 | 49.85% |
| .tar.bz2 | 528,823,641 | 51.51% |
| .tar.gz | 542,612,424 | 52.85% |
| .tar.zip | 554,995,557 | 54.06% |
| .zip | 563,946,617 | 54.93% |
Conclusions
I was surprised to see the ACE and UHA formats ahead of RAR considering the popularity of the formats, but RAR’s ability to automatically split archives into volumes, and the availability of tools that support it, probably account for its popularity compared to the slightly more efficient formats.
Just as surprising to me were the placings of bzip2 and gzip vs. the RAR and plain ZIP formats. I had assumed, given the popularity of .tar.gz and .tar.bz2, that they would be as efficient as RAR and significantly more efficient than the old ZIP format. This is not the case, but their open licensing is most likely responsible for their popularity over the proprietary RAR format and the older ZIP format, especially with open source projects.
While the best compression format tested is lpaq8, the difference between it and 7-Zip is negligible. The time and system requirements of lpaq8 (1.6 GB of RAM and an hour of run time), as well as the relative obscurity of the format, mean that we will be sticking with 7-Zip as the format of choice for our toolkit.
Upcoming changes for v0.5
Posted by Odis in News and Updates on March 24th, 2009
Here is what you can expect in the next version of pat4w
-GRC freeware utilities:
These utilities are old, and outdated in some cases, but still have their uses. I’ve included them more to have a complete toolkit than expecting them to be used often.
-Filezilla Portable (back from v0.1)
It’s a great FTP client and, compared to the current FTP Wanderer, much more capable.
-RealVNC Viewer (back from 0.2)
This was not re-added when we started the new “clean” folder method of setting up and testing the software for v0.3.
-Paragon Partition Manager
Program was added in v0.3, but no menu entry was created. Now you can find it in the menu under “Security and Administration -> Disk Tools -> Paragon Partition Manager”
Planned changes before 0.5 release?
-Add Skype (possibly thinclient?)
-Add VOIP client
-Add the rest of the Nirsoft password tools**
-Menu link to SysInternals, Aircrack, NTToolkit and other command line utilities
**Warning: Some programs will be flagged by anti-virus software as hack software (nirsoft password viewers). This is normal as they are technically “hack tools”. There will be an option to download future versions with or without these utilities.
Welcome to the pat4W project
Posted by Odis in News and Updates on March 24th, 2009
Like most IT people in small companies, I wear many hats: programmer, network administrator, computer hardware and repair, etc. What’s difficult is that you’re always on someone else’s computer fixing something, wishing, “If some of the programs on my computer were installed here, this would be so much easier.”
So that is the problem we set out to solve. Yes, there are other USB toolkits out there. Some are awesome and very useful, others not so much. We’re not trying to re-invent the wheel, just create something that we and hopefully many others can use.
Currently the latest version of the USB toolkit is 0.4 (warning: this file is just over 400 MB in size, and unpacks to almost 1 GB).
